QReg-9 (trojan)

Feb 10, 2004 11:57PM PST

Date Discovered: 2/8/2004
Date Added: 2/11/2004
Origin: Unknown
Length: 53,248 bytes
Type: Trojan
SubType: Win32

This trojan is written in MSVB, and is intended to alter various settings on the victim machine. It may be received with a .JPG.EXE file extension, intended to fool the user into thinking it is an image, not an executable file.

When run, the trojan copies itself as BCFOLDER.EXE to the system directory of the victim machine, for example:

C:\WINNT\SYSTEM32\BCFOLDER.EXE

The following Registry key is modified to hook the trojan:

HKEY_CLASSES_ROOT\Folder\shell\open\command "(Default)"

It is changed from:

%SystemRoot%\Explorer.exe /idlist,%I,%L

to:

C:\WINNT\System32\BCfolder.exe explorer.exe /idlist,%I,%L

MORE: http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101011
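
Added example, not part of the original post or of the vendor description: a Python check that classifies the "(Default)" value of the Folder open command, using the two values quoted above. The function names, the status labels and the third sample value in the test are assumptions made for this illustration.

```python
import ntpath
import re

# Stock value as quoted in the description above.
EXPECTED = r"%SystemRoot%\Explorer.exe /idlist,%I,%L"


def split_command(command):
    """Split a Windows command string into (program, remaining arguments)."""
    command = command.strip()
    if command.startswith('"'):
        program, _, rest = command[1:].partition('"')
    else:
        # Limitation: an unquoted path containing spaces is cut at the first space.
        program, _, rest = command.partition(" ")
    return program, rest.strip()


def check_folder_open(value, system_root=r"C:\WINNT"):
    """Return (status, program) for a Folder\\shell\\open\\command value.

    status is "ok" when Explorer.exe under system_root is launched directly,
    "wrapped" when another program runs first and is handed explorer.exe as an
    argument (the hook described above), and "replaced" for anything else.
    """
    # A callable replacement keeps the backslashes in system_root literal.
    expanded = re.sub("%SystemRoot%", lambda _: system_root, value, flags=re.I)
    program, rest = split_command(expanded)
    expected = ntpath.normcase(ntpath.join(system_root, "Explorer.exe"))
    if ntpath.normcase(program) == expected:
        return ("ok", program)
    if "explorer.exe" in rest.lower():
        return ("wrapped", program)
    return ("replaced", program)


if __name__ == "__main__":
    import os
    import sys

    if sys.platform == "win32":
        import winreg  # standard library, Windows only

        path = r"Folder\shell\open\command"
        with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, path) as key:
            value, _ = winreg.QueryValueEx(key, "")  # "" reads (Default)
        print(check_folder_open(value, os.environ["SystemRoot"]))
```

A "wrapped" or "replaced" result names the program that runs every time a folder is opened, which is the file to examine.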