Aliases: TR/PSW.Qbot.bqf [AntiVir], Trojan.Generic.KD.127360 [BitDefender], BKDR_AFCORE.SMA1, a variant of Win32/Kryptik.KPK [NOD32], Cryptic.CCH [AVG], Trojan/PSW.Qbot.dq, TR/PSW.Qbot.bhs [AntiVir], Trojan-PWS.Win32.Qbot!IK, Gen:Variant.Kazy.9722 [BitDefender], Win32:Oficla-BU [Avast], TROJ_SLIPBOT.SM, a variant of Win32/Kryptik.KAY [NOD32], Trojan.Kryptik!TQe92ulW8Q8, Trojan.DownLoader.origin [DrWeb] and ApplicUnwnt.Win32.Adware.Agent.~GGS [Comodo].

Technical Information

File System Details

Backdoor.Qakbot.gen!A creates the following file(s):
# File Name Size MD5 Detection Count
1 %USERPROFILE%\My Documents\FLVPlayer_Setup.exe 453,632 6c4cda0fbe9fdc4adf3cc8792205fdb2 75
2 %APPDATA%\GabPath\gabpath.exe 1,126,400 37605885704af058705b85934e91eaa6 17
3 %WINDIR%\system32\royegiz.dll 116,436 b8bf1afd749b132379e133b6eee20629 15
4 %USERPROFILE%\?????? ??????????????????\????????????????????????\AudioConverter_Setup.exe 404,480 47f301a4bc60749231b865fdee367376 11
5 %ALLUSERSPROFILE%\ydaldpu0j\ydaldpu0j.exe 81,408 ed53a9811b838882199dec6a195d0f63 4
6 %ALLUSERSPROFILE%\uuikid\uuikid.exe 56,320 adcc7bc02a23c6e298fe1a1814dc8cba 1
7 %WINDIR%\system32\puwotaw.dll 104,660 33b9d6b5ee36e0273f1633328118bfd5 1

Site Disclaimer is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

HTML is not allowed.