Hydraq is a Trojan that opens a backdoor on a compromised system, giving attackers unauthorized access to it. Hydraq came into the spotlight when it was used to attack the Gmail accounts of human rights activists who were involved in China rights issues. Hydraq typically spreads via e-mail as an attachment, or it enters a system through the exploitation of known system vulnerabilities. Hydraq may also modify the registry to ensure that it is executed each time the system starts up.

Once inside a system, Hydraq allows attackers to perform malicious actions such as deleting or creating registry keys, modifying files, restarting or shutting down the computer, modifying token privileges, and deleting all system event logs. Hydraq is registered as the system service RaS[four arbitrary characters]. Hydraq also creates an "ImagePath" value that always begins with svchost.exe. By adding its service name to the list of service names stored in the "netsvcs" value of the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost, Hydraq makes its service known to svchost.exe, which then loads it. Hydraq should be removed with a reliable security tool immediately after detection.
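The persistence pattern described above can be checked with a read-only registry query. The following is an added example, not part of the original write-up or any vendor tool. It assumes the standard Windows locations HKLM\SYSTEM\CurrentControlSet\Services and the per-service Parameters\ServiceDll value, neither of which is named on this page.

```powershell
# Added example: read-only triage for the service persistence described above.
# Looks for service names of the form "RaS" + four arbitrary characters,
# then reports whether each is listed in netsvcs and hosted by svchost.exe.
$svcHostKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost'
# Assumption: standard Windows service database, not named on the page.
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
# Case-sensitive on purpose: the legitimate "RasAuto" service is also seven
# characters long and would match a case-insensitive pattern.
$namePattern = '^RaS.{4}$'

# netsvcs is a REG_MULTI_SZ value; PowerShell returns it as a string array.
$netsvcs = @((Get-ItemProperty -Path $svcHostKey -Name netsvcs).netsvcs)

# Names of all registered services (subkeys of the Services key).
$registered = @(Get-ChildItem -Path $servicesKey | ForEach-Object PSChildName)

# Candidates may appear in either place, so check the union of both lists.
$candidates = $netsvcs + $registered |
    Where-Object { $_ -cmatch $namePattern } |
    Sort-Object -Unique

$findings = foreach ($name in $candidates) {
    $svcPath = Join-Path $servicesKey $name
    $svc     = Get-ItemProperty -Path $svcPath -ErrorAction SilentlyContinue
    # Assumption: svchost-hosted services keep their DLL path in Parameters\ServiceDll.
    $params  = Get-ItemProperty -Path (Join-Path $svcPath 'Parameters') `
                                -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Service       = $name
        InNetsvcs     = $netsvcs -contains $name
        Registered    = $registered -contains $name
        ImagePath     = $svc.ImagePath
        SvchostHosted = [bool]($svc.ImagePath -match 'svchost\.exe')
        ServiceDll    = $params.ServiceDll
    }
}

if ($findings) {
    # Each row is a lead for manual review, not a verdict.
    $findings | Format-List
} else {
    Write-Output 'No service names matching RaS + four characters were found.'
}
```

A name match alone does not confirm infection; review the ServiceDll path and file of each hit before acting on it.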

1 Comment

How to remove this?
