Home / malware Trojan.Dropper.RQU
First posted on 21 November 2011.
Source: BitDefenderAliases :
Trojan.Dropper.RQU is also known as Trojan.Win32.AntiAV.t.
Explanation :
This malware comes bundled with a legitimate piece of software. The analyzed file came with Product Key Explorer (a software that retrieves serial keys from network computers). It drops and executes a file named usnsvc.exe detected as Trojan.Dropper.IRCBot.HW. This last one will drop an IRCBot having a 6-letter random name in %SYSDIR% that will connect to the IRC server irc.public.rarbg.com (detected as Generic.Sdbot.119A3BF4).
Last update 21 November 2011