Generic Dropper.vq

Generic Dropper.vq Description

Generic Dropper.vq is a dangerous trojan that downloads files to the infected computer without the user's consent, creating a security risk. An attacker may install Generic Dropper.vq for malicious purposes: to obtain remote access to your computer and to steal passwords, Internet banking details and personal information. Generic Dropper.vq usually prevents users from accessing legitimate websites and redirects them to porn and malicious websites. When Generic Dropper.vq installs on your PC, it infects system files and changes system settings. It is highly recommended that you remove Generic Dropper.vq from your machine immediately and make sure your computer is clean.

Technical Information

File System Details

Generic Dropper.vq creates the following file(s):
#    File Name                           Detection Count
1    %System%\tcpwakglib.exe             N/A
2    %System%\E001.exe                   N/A
3    %System%\drivers\tcpz-x86d.sys      N/A
4    %Windir%\svchost.exe                N/A
5    %AllUsersProfile%\123.bat           N/A
6    %System%\D001.exe                   N/A
7    %Windir%\Temp\30453.dll             N/A
8    %CommonAppData%\lanmao.exe          N/A
9    %System%\JATE.exe                   N/A
10   %Windir%\Temp\126375.dll            N/A
11   %AllUsersProfile%\lmm.txt           N/A
12   %AllUsersProfile%\lanmao.hiv        N/A

Registry Details

Generic Dropper.vq creates the following registry entry or registry entries: