Virus: TR/Rogue.9656087
Type: Trojan
In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low
Static file: Yes
File size: 709.240 Bytes
MD5 checksum: 331DE39B80019A55DA553830A92B3195

General

Method of propagation:
   • No own spreading routine


Aliases:
   •  Symantec: exqWebSearch
   •  Mcafee: RDN/Generic.hra!bs
   •  TrendMicro: TROJ_GEN.R0CBC0OJ213
   •  Sophos: Mal/VMProtBad-A
   •  Panda: Trj/CI.A
   •  Eset: Win32/ELEX.O
   •  Fortinet: W32/VMProtBad.A


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7

Files

It tries to execute the following files:

Filename:
   • %appdata%\eUpdate\824376E7BBF443daB37D5616135D7C74\delta-homes.exe


Filename:
   • %temp%\eIntaller\4483E8E583A44d43BD73043488745A96\eXQ.exe

Registry

The following registry keys are added:

[HKLM\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\
   Protocols\Multi-Protocol Unified Hello\Client]
[HKLM\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\
   Protocols\Multi-Protocol Unified Hello\Server]
[HKLM\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\
   Protocols\PCT 1.0\Client]
[HKLM\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\
   Protocols\PCT 1.0\Server]
[HKLM\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\
   Ciphers]
[HKLM\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\
   Ciphers\RC4 128/128]
[HKLM\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\
   Ciphers\Triple DES 168/168]
[HKLM\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\
   Ciphers\NULL]
[HKLM\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\
   Hashes\MD5]
[HKLM\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\
   Hashes\SHA]
[HKLM\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\
   KeyExchangeAlgorithms]
[HKLM\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\
   KeyExchangeAlgorithms\PKCS]
[HKLM\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\
   KeyExchangeAlgorithms\Diffie-Hellman]
[HKLM\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\
   Protocols]

Miscellaneous

Checks for an internet connection by contacting the following web sites:
   • http://xa.xin**********om/v4/sof-ne**********language,en
   • http://xa.xin**********om/v4/sof-ne**********oad.finish,4781
   • http://dl.ele**********5.com/dl/get_tab
   • http://file.s**********om/Public/so**********ll/eXQ.exe
   • http://dl.ele**********5.com/Public**********6.crx
   • http://dl.ele**********5.com/Public**********6.crx

Description inserted by Soe-liang Tan on Tuesday, October 8, 2013
Description updated by Soe-liang Tan on Tuesday, October 8, 2013
