Coi chừng ngựa thành Troa qbr2q.exe
Con ngựa thành Troa này mới xuất hiện ngày 22/10/2009.
Đặc điểm của nó được Prevx mô tả như sau:
QBR2Q.EXE has been seen to perform the following behavior:
- The Process is packed and/or encrypted using a software packing process
- Writes to another Process's Virtual Memory (Process Hijacking)
- This process creates other processes on disk
- Adds a Registry Key (RUN) to auto start Programs on system start up
- The process hooks code into all running processes which could allow it to take control of the system or record keyboard input, mouse activity and screen contents
- Violates Windows/Vista Physical Memory Protection allowing it to look inside the data areas of other programs
- This Process Deletes Other Processes From Disk
QBR2Q.EXE has been the subject of the following behavior:
- Created as a process on disk
- Executed as a Process
- Has code inserted into its Virtual Memory space by other programs
- Added as a Registry auto start to load Program on Boot up
- Deleted as a process from disk
Country Of Origin
The filename QBR2Q.EXE was first seen on Oct 25 2009 in the following geographical region of the Prevx community:
- The EUROPEAN UNION on Oct 25 2009
File Name Aliases
QBR2Q.EXE can also use the following file names:
Filesizes
The following file size has been seen:
File Type
The filename QBR2Q.EXE is used by multiple object types including executable programs,Dynamic Link LIbraries.
0 comments:
Post a Comment