Trojan.Dropper.RQU
HIGH
MEDIUM
variable
(Trojan.Win32.AntiAV.t)
Symptoms
The presence of an executable file with a 6-letter random name in %SYSDIR%, or the presence of usnsvc.exe in %TEMPDIR% (usually c:\Documents and Settings\Administrator\Local Settings\Temp).
Removal instructions:
Please let BitDefender disinfect your files.
Analyzed By
Dana Stanut, virus researcher
Technical Description:
This malware comes bundled with a legitimate piece of software. The analyzed file came with Product Key Explorer (software that retrieves serial keys from network computers). It drops and executes a file named usnsvc.exe, detected as Trojan.Dropper.IRCBot.HW. That file in turn drops an IRCBot (detected as Generic.Sdbot.119A3BF4) with a 6-letter random name in %SYSDIR%; the bot connects to the IRC server irc.public.rarbg.com.
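
A triage check for the two file symptoms listed above, added here as an example (it is not BitDefender's removal procedure). The function name is hypothetical, and it assumes %SYSDIR% maps to System32, %TEMPDIR% maps to the current user's temp folder, and the dropped file has an .exe extension.

```powershell
# Added example: look for the file symptoms described in this entry.
# Assumptions: %SYSDIR% = System32, %TEMPDIR% = $env:TEMP, dropped file ends in .exe.
function Find-DropperRquIndicator {
    param(
        [string]   $SysDir  = (Join-Path $env:SystemRoot 'System32'),
        [string[]] $TempDir = @($env:TEMP)
    )

    # Symptom 1: usnsvc.exe sitting in a temp directory.
    foreach ($dir in $TempDir) {
        $path = Join-Path $dir 'usnsvc.exe'
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $item = Get-Item -LiteralPath $path -Force
            [pscustomobject]@{
                Indicator = 'usnsvc.exe in temp directory'
                Path      = $item.FullName
                Signature = (Get-AuthenticodeSignature -LiteralPath $item.FullName).Status
                Created   = $item.CreationTimeUtc
            }
        }
    }

    # Symptom 2: executable with a 6-letter name in the system directory.
    # The name pattern alone also matches legitimate tools (attrib.exe, chkdsk.exe),
    # so only files without a valid Authenticode signature are reported.
    Get-ChildItem -LiteralPath $SysDir -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.BaseName -match '^[A-Za-z]{6}$' } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            if ($sig.Status -ne 'Valid') {
                [pscustomobject]@{
                    Indicator = '6-letter executable in system directory'
                    Path      = $_.FullName
                    Signature = $sig.Status
                    Created   = $_.CreationTimeUtc
                }
            }
        }
}

# Oldest first, so files created around the time the bundled installer ran stand out.
Find-DropperRquIndicator | Sort-Object Created | Format-Table -AutoSize
```

A hit is a lead for further inspection, not a verdict: unsigned third-party tools with 6-letter names will also appear in the output.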