Threat Information for "Web Nexus Network"

Removal

Summary

Description

Technical Details

Removal

Top

StopSign will automatically remove this infection with a paid membership.

Summary

Top

Name: Web Nexus Network
Aliases:Trojan.Qoologic, TR/Dldr.Qoologic.BJ.2, W32/Downloader.SKF, Win32:Qoologic-AK, Downloader.Generic.VUO, Trojan.Downloader.Qoologic.BJ
Date Discovered: 2006-08-29
Protection Added: 2006-08-30

Description

Top

-- Ease of Removal

1: Uses redundant/watcher processes
2: Creates new unique registry entries
3: File names uniquely generated
4: Injects DLLs into running processes
5: Runs as a BHO or shell extension
6: Uses running processes
7: Consistent file contents
8: Consistently named
9: Creates new registry entries with consistent data

-- Damage/Intrusion/Annoyance

1: Downloads other threats
2: Displays targeted popup advertisements
3: Creates new files
4: Autoruns at startup without an option to be disabled

-- Propagation/Saturation

1: Installed by other infections

Technical Details

Top

Added Directory/File:
FilePath: %SYSTEMDIR%\?????.exe MD5: 34927efd7594648462bb18e713ada55f
Added Directory/File:
FilePath: %SYSTEMDIR%\*.dll MD5: 08d83b32fbed84a20afda14135be3acd
Added Directory/File:
FilePath: %WINDIR%\?????.dll MD5: f9178dcafb623e999518fff4eeec7d80
Added Directory/File:
FilePath: %WINDIR%\???????.exe MD5: 1890ae82f25b9ce97b7a116101576250
Added Directory/File:
FilePath: %WINDIR%\?????.dll FileSize: 24
Added Directory/File:
FilePath: %WINDIR%\?????.dat MD5: 5f4babde59257de5c4b4fc7e8db60f69
Added Directory/File:
FilePath: %SYSTEMDIR%\???????.dll MD5: 88535bbfa373066f26e52fd70dc570a3
Added Directory/File:
FilePath: %SYSTEMDIR%\?????.dat MD5: c60f5343fef0ebbb0b04a8bdc2f1649c
Added Directory/File:
FilePath: %USERSTARTUP%\????.exe* MD5: 589527474ab6e43700061f64742bea66
Added Directory/File:
FilePath: %WINDIR%\*.exe MD5: c250650ad39185f4467ad91d4caeeca6
Added Directory/File:
FilePath: %WINDIR%\???????.dll MD5: 88535bbfa373066f26e52fd70dc570a3
Added Directory/File:
FilePath: %WINDIR%\?????.dll MD5: fdfd653ac7ecb3ebf9855e82b0ab7a1f
Added Directory/File:
FilePath: %SYSTEMDIR%\?????.dll MD5: d93466d6d5ecaf6a0429980f6b28c527
Added Directory/File:
FilePath: %SYSTEMDIR%\???????.exe* MD5: 5e822ee6fb1fe0cb10664e1367daed23
Added Directory/File:
FilePath: %ROOTDRIVE%*new.exe*
Added Directory/File:
FilePath: %SYSTEMDIR%\?????.dat MD5: 1dcdaf76521850f8a8980249ba098cf8
Added Directory/File:
FilePath: %WINDIR%\?????.exe FileSize: 28672
Added Directory/File:
FilePath: %WINDIR%\?????.dll MD5: 588e1f029013254ea2218a587d14fee5
Added Directory/File:
FilePath: %SYSTEMDIR%\?????.dll MD5: 08d83b32fbed84a20afda14135be3acd
Added Directory/File:
FilePath: %SYSTEMDIR%\*.dll MD5: 4ff47b5766b6734ff85011e42bf3efa9
Added Directory/File:
FilePath: %SYSTEMDIR%\??????.exe MD5: c60f5343fef0ebbb0b04a8bdc2f1649c
Added Directory/File:
FilePath: %SYSTEMDIR%\?????.dat FileSize: 127488
Added Directory/File:
FilePath: %USERSTARTUP%\?????.exe MD5: c250650ad39185f4467ad91d4caeeca6
Added Directory/File:
FilePath: %WINDIR%\???????.exe* MD5: 272e1d5eb4e85c4e03633f7d431fd6be
Added Directory/File:
FilePath: %WINDIR%\*.exe MD5: f2539883a503c51d8d2fd922ebf99bec
Added Directory/File:
FilePath: %WINDIR%\???????.dll MD5: 24a264ac744b62e134a84d85bd82d69c
Added Directory/File:
FilePath: %SYSTEMDIR%\???????.dll MD5: d2a43ff26903976739400c33a3bf0f67
Added Directory/File:
FilePath: %SYSTEMDIR%\*.exe MD5: 03c141b05158aaa1f7479e3719c59246
Added Directory/File:
FilePath: %SYSTEMDIR%\?????.dat MD5: 1dcdaf76521850f8a8980249ba098cf8
Added Directory/File:
FilePath: %USERSTARTUP%\?????.exe MD5: 1dcdaf76521850f8a8980249ba098cf8
Added Directory/File:
FilePath: %SYSTEMDIR%\*.dll MD5: c250650ad39185f4467ad91d4caeeca6
Added Directory/File:
FilePath: %WINDIR%\?????.dll MD5: ed1b407553643224c3a8c18a7ea98135
Added Directory/File:
FilePath: %WINDIR%\*.dll MD5: 4ff47b5766b6734ff85011e42bf3efa9
Added Directory/File:
FilePath: %SYSTEMDIR%\?????.dll MD5: 6f9653a1ee11217c7eb4fd651766cae9
Added Directory/File:
FilePath: %SYSTEMDIR%\???????.exe MD5: 469115047b4c4dd4723440d93b70739e
Added Directory/File:
FilePath: %SYSTEMDIR%\?????.dat MD5: 5f4babde59257de5c4b4fc7e8db60f69
Added Directory/File:
FilePath: %SYSTEMDIR%\*.exe* MD5: 7a10365c5a51f63db6f07172c4ac0bf1
Added Directory/File:
FilePath: %USERSTARTUP%\????.exe* MD5: 5f4babde59257de5c4b4fc7e8db60f69
Added Directory/File:
FilePath: %WINDIR%\???????.exe MD5: 272e1d5eb4e85c4e03633f7d431fd6be
Added Directory/File:
FilePath: %WINDIR%\*.exe MD5: c60f5343fef0ebbb0b04a8bdc2f1649c
Added Directory/File:
FilePath: %WINDIR%\?????.dll MD5: 866b13cac6075150ac2b5cb4c48243c9
Added Directory/File:
FilePath: %WINDIR%\*.dat FileSize: 53
Added Directory/File:
FilePath: %SYSTEMDIR%\wuauclt.dll*
Added Directory/File:
FilePath: %TEMPDIR%\f*.exe
Added Directory/File:
FilePath: %COMMONSTARTUP%\????.exe MD5: f2539883a503c51d8d2fd922ebf99bec
Added Directory/File:
FilePath: %WINDIR%\*.dll MD5: c250650ad39185f4467ad91d4caeeca6
Added Directory/File:
FilePath: %WINDIR%\?????.exe MD5: 5b38fed0e73f6ca2a2ad2d8b5a974284
Added Directory/File:
FilePath: %WINDIR%\?????.dll MD5: 4b6250a58bca7c849547fe3899f6d509
Added Directory/File:
FilePath: %SYSTEMDIR%\?????.dll MD5: 7f7ce87bb86dbc564bb6a2ba7d980a42
Added Directory/File:
FilePath: %SYSTEMDIR%\???????.exe MD5: 1890ae82f25b9ce97b7a116101576250
Added Directory/File:
FilePath: %SYSTEMDIR%\*.exe MD5: 1dcdaf76521850f8a8980249ba098cf8
Added Directory/File:
FilePath: %SYSTEMDIR%\*.exe MD5: 469115047b4c4dd4723440d93b70739e
Added Directory/File:
FilePath: %COMMONSTARTUP%\????.exe MD5: c60f5343fef0ebbb0b04a8bdc2f1649c
Added Directory/File:
FilePath: %WINDIR%\*.exe MD5: 1dcdaf76521850f8a8980249ba098cf8
Added Directory/File:
FilePath: %WINDIR%\???????.exe MD5: 4fa859b376e1cd68b6606bd7f103d6a6
Added Directory/File:
FilePath: %WINDIR%\?????.dll FileSize: 23
Added Directory/File:
FilePath: %WINDIR%\?????.dat FileSize: 53
Added Directory/File:
FilePath: %SYSTEMDIR%\?????.dll MD5: faf278f88e545532e9058fe3d3b86061
Added Directory/File:
FilePath: %SYSTEMDIR%\?????.dat MD5: f2539883a503c51d8d2fd922ebf99bec
Added Directory/File:
FilePath: %USERSTARTUP%\????.exe MD5: c60f5343fef0ebbb0b04a8bdc2f1649c
Added Directory/File:
FilePath: %WINDIR%\*.dat MD5: c250650ad39185f4467ad91d4caeeca6
Added Directory/File:
FilePath: %WINDIR%\???????.exe MD5: d4829e8f778b1218f562bb806ad060bb
Added Directory/File:
FilePath: %WINDIR%\???????.dll MD5: b2020a73799934aca889c4515089aa92
Added Directory/File:
FilePath: %SYSTEMDIR%\???????.dll MD5: 24a264ac744b62e134a84d85bd82d69c
Added Directory/File:
FilePath: %SYSTEMDIR%\??????.exe MD5: 589527474ab6e43700061f64742bea66
Added Directory/File:
FilePath: %SYSTEMDIR%\*.dll* MD5: 90a4f4c769c7a58eeb61370bf19af58f
Added Directory/File:
FilePath: %WINDIR%\?????.dat MD5: 1dcdaf76521850f8a8980249ba098cf8
Added Directory/File:
FilePath: %WINDIR%\???????.exe FileSize: 28672
Added Directory/File:
FilePath: %WINDIR%\?????.dll FileSize: 34
Added Directory/File:
FilePath: %SYSTEMDIR%\???????.dll MD5: 90a4f4c769c7a58eeb61370bf19af58f
Added Directory/File:
FilePath: %SYSTEMDIR%\???????.dll MD5: 4ff47b5766b6734ff85011e42bf3efa9
Added Directory/File:
FilePath: %SYSTEMDIR%\???????.exe MD5: 03c141b05158aaa1f7479e3719c59246
Added Directory/File:
FilePath: %SYSTEMDIR%\?????.dat MD5: 7a10365c5a51f63db6f07172c4ac0bf1
Added Directory/File:
FilePath: %COMMONSTARTUP%\????.exe* MD5: 589527474ab6e43700061f64742bea66
Added Directory/File:
FilePath: %WINDIR%\*.dat* MD5: 1dcdaf76521850f8a8980249ba098cf8
Added Directory/File:
FilePath: %WINDIR%\*.dat MD5: f2539883a503c51d8d2fd922ebf99bec
Added Directory/File:
FilePath: %WINDIR%\?????.dll MD5: d93466d6d5ecaf6a0429980f6b28c527
Added Directory/File:
FilePath: %SYSTEMDIR%\?????.dll MD5: af316474c3504f54ba00b408f8dd6251
Added Directory/File:
FilePath: %SYSTEMDIR%\???????.exe* MD5: 272e1d5eb4e85c4e03633f7d431fd6be
Added Directory/File:
FilePath: %WINDIR%\?????.dat MD5: 1dcdaf76521850f8a8980249ba098cf8
Added Directory/File:
FilePath: %COMMONSTARTUP%\????.exe MD5: 7a10365c5a51f63db6f07172c4ac0bf1
Added Directory/File:
FilePath: %SYSTEMDIR%\*.exe MD5: c250650ad39185f4467ad91d4caeeca6
Added Directory/File:
FilePath: %WINDIR%\?????.dll MD5: be71f54726d5548fbb4351b849ec2787
Added Directory/File:
FilePath: %WINDIR%\*.dll MD5: 6f9653a1ee11217c7eb4fd651766cae9
Added Directory/File:
FilePath: %SYSTEMDIR%\*.dll MD5: 6f9653a1ee11217c7eb4fd651766cae9
Added Directory/File:
FilePath: %SYSTEMDIR%\??????.exe MD5: 7a10365c5a51f63db6f07172c4ac0bf1
Added Directory/File:
FilePath: %SYSTEMDIR%\?????.dat* MD5: 589527474ab6e43700061f64742bea66
Added Directory/File:
FilePath: %COMMONSTARTUP%\?????.exe MD5: c250650ad39185f4467ad91d4caeeca6
Added Directory/File:
FilePath: %WINDIR%\???????.dll MD5: eb881d123af640b6c6beac76df6f45dd
Added Directory/File:
FilePath: %WINDIR%\*.exe MD5: 03c141b05158aaa1f7479e3719c59246
Added Directory/File:
FilePath: %WINDIR%\?????.dll MD5: a50905a5503d60de141266e38b47d1d2
Added Directory/File:
FilePath: %SYSTEMDIR%\*.dll* MD5: 3c7545fda6ba922c0bf8a3961b83884c
Added Directory/File:
FilePath: %SYSTEMDIR%\*.exe MD5: c60f5343fef0ebbb0b04a8bdc2f1649c
Added Directory/File:
FilePath: %TEMPDIR%\???????.exe
Added Directory/File:
FilePath: %COMMONSTARTUP%\?????.exe MD5: 1dcdaf76521850f8a8980249ba098cf8
Added Directory/File:
FilePath: %SYSTEMDIR%\*.dat MD5: c250650ad39185f4467ad91d4caeeca6
Added Directory/File:
FilePath: %WINDIR%\?????.dll MD5: 66231407876ec139e5999dd33f7363da
Added Directory/File:
FilePath: %WINDIR%\?????.dll MD5: 552d5b9a7c12344671635fabc9d9e0d4
Added Directory/File:
FilePath: %SYSTEMDIR%\?????.dll MD5: f6cca87544672c7a151fe370ff1fb2fd
Added Directory/File:
FilePath: %SYSTEMDIR%\??????.exe MD5: 5f4babde59257de5c4b4fc7e8db60f69
Added Directory/File:
FilePath: %SYSTEMDIR%\??????.exe MD5: f2539883a503c51d8d2fd922ebf99bec
Added Directory/File:
FilePath: %SYSTEMDIR%\*.dat MD5: 7a10365c5a51f63db6f07172c4ac0bf1
Added Directory/File:
FilePath: %COMMONSTARTUP%\????.exe* MD5: 5f4babde59257de5c4b4fc7e8db60f69
Added Directory/File:
FilePath: %WINDIR%\?????.exe MD5: 34927efd7594648462bb18e713ada55f
Added Directory/File:
FilePath: %WINDIR%\??????.exe MD5: 5f4babde59257de5c4b4fc7e8db60f69
Added Directory/File:
FilePath: %WINDIR%\?????.dll FileSize: 142
Added Directory/File:
FilePath: %WINDIR%\*.exe* MD5: d906e2f15b51739a2f9d7d052ddbed82
Added Directory/File:
FilePath: %SYSTEMDIR%\???????.dll* MD5: eb881d123af640b6c6beac76df6f45dd
Added Directory/File:
FilePath: %SYSTEMDIR%\??????.cpl* MD5: 8acfca61a720c7991d72857b720d3b08
Added Directory/File:
FilePath: %USERSTARTUP%\????.exe MD5: f2539883a503c51d8d2fd922ebf99bec
Added Directory/File:
FilePath: %WINDIR%\*.dat MD5: c60f5343fef0ebbb0b04a8bdc2f1649c
Added Directory/File:
FilePath: %WINDIR%\?????.dll MD5: faf278f88e545532e9058fe3d3b86061
Added Directory/File:
FilePath: %WINDIR%\?????.dll MD5: fbd853ebb9ae5b945979d0eb7dff0b7c
Added Directory/File:
FilePath: %SYSTEMDIR%\??????.dll MD5: 797e3a1882de3a011dfedf5fd4982215
Added Directory/File:
FilePath: %SYSTEMDIR%\??????.exe* MD5: 589527474ab6e43700061f64742bea66
Added Registry Key:
Key: HKLM\SOFTWARE\Classes\CLSID\{CE3A44D8-BC88-4D62-A890-42D96245F8D6}
Added Registry Key:
Key: HKLM\SOFTWARE\Classes\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}
Added Registry Key:
Key: HKLM\SOFTWARE\Classes\CLSID\{cb07b936-0943-4afd-b18f-e11cc5d3c0ec}
Added Registry Key:
Key: HKLM\SOFTWARE\Classes\?\shellex\ContextMenuHandlers\????????
Added Registry Key:
Key: HKLM\SOFTWARE\qstat
Added Registry Key:
Key: HKLM\SOFTWARE\Classes\CLSID\{093051de-4155-420f-a723-d840035a1df6}
Added Registry Key:
Key: HKLM\SOFTWARE\Classes\CLSID\{bd62f1dd-33f8-4a28-9df9-2f9ec716f6de}
Added Registry Key:
Key: HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{CE3A44D8-BC88-4D62-A890-42D96245F8D6}
Added Registry Key:
Key: HKLM\SOFTWARE\Classes\CLSID\{dccdc4db-0305-43dd-9bac-4c563cb91f3b}
Added Registry Key:
Key: HKLM\SOFTWARE\Microsoft\qlouta
Added Registry Key:
Key: HKLM\SOFTWARE\Classes\?\shellex\ContextMenuHandlers\???????
Added Registry Key:
Key: HKLM\SOFTWARE\Microsoft\qwdata
Added Registry Key:
Key: HKLM\%CURRENTVERSIONREG%\Uninstall\WebNexus
Added Registry Key:
Key: HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}
Added Registry Key:
Key: HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4ABF810A-F11D-4169-9D5F-7D274F2270A1}
Added Registry Key:
Key: HKLM\SOFTWARE\Classes\CLSID\{2d580bf1-f94a-46dd-a745-54d0ea63d827}
Added Registry Value:
Key: HKLM\%CURRENTVERSIONREG%\Run Value: winsync
Added Registry Data:
Key: HKLM\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: .exe reg_run
Added Registry Data:
Key: HKCU\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: .exe reg_run
Added Registry Data:
Key: HKLM\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: %SYSTEMDIR%\DMONWV.DLL
Added Module:
Process: *.exe Module: *.*
Added Module:
Process: *.exe Module: *.*
Added Module:
Process: *.exe Module: *.*
Added Module:
Process: *.exe Module: *.*

Membership
Products
- StopSign
- System Requirements
Downloads
Support
- FAQ
- Getting Started
- Helpfiles
- Library
Company
- Press
  - Software Requests
- Investors
- Careers
  - Listings
- Partners
  - Computer Repair Shop
- Trademarks
- Privacy
- Legal
  - EULA
  - T4C Terms
- Terms Of Use
Contact
- Survey
Research
- Search
- Glossary
- Whitepapers
  - Antivirus
  - Firewall
  - Phishing
  - Spyware
- Submit Sample
Sitemap