TROJ_DLOAD.QYUA is a trojan associated with the ipconfig.exe file. It is designed to attempt to run this file and then delete any copies of itself. It can also change the sizes of the files it drops by adding garbage data to each one. Typically, TROJ_DLOAD.QYUA enters a computer through malicious websites that take advantage of a particular Windows vulnerability. It operates by creating an invisible Internet Explorer window. The main goal of TROJ_DLOAD.QYUA is to connect to a remote server and install malware on the victim's system.

How TROJ_DLOAD.QYUA Attacks a Computer System

TROJ_DLOAD.QYUA is associated with various dropped files in the Windows system folder (whose location varies from one version of Windows to another). This is very common in modern malware, which tends to spread an attack across several integrated components. In this way, criminals can ensure that the victim's computer system becomes infected even if one of the components of the malware infection is stopped. Of the dropped files, one is a SYS file in the drivers folder and another is a malicious DLL file, which will usually be detected as a TROJ_DLOAD.QYUA infection. TROJ_DLOAD.QYUA also drops various EXE files and some non-malicious files which are simply there to make the attack more effective. Once installed, TROJ_DLOAD.QYUA opens a hidden Internet Explorer window, which it then uses to connect to a remote server in order to download other malware.

TROJ_DLOAD.QYUA and a Windows Media Vulnerability

TROJ_DLOAD.QYUA has been associated with a malware attack which attempted to take advantage of a flaw in Windows Media. Fortunately, this security vulnerability has already been patched. ESG security researchers strongly recommend patching your Windows operating system with the latest updates in order to prevent this attack. In this attack, criminals used social engineering to lure victims to an attack website containing a corrupted MIDI file and a script in Java designed to take advantage of the previously mentioned security hole in order to force the victim's computer system to download TROJ_DLOAD.QYUA from another website. The effects of TROJ_DLOAD.QYUA vary, because its main function is to connect to a remote server and download additional malware. The version of TROJ_DLOAD.QYUA linked to this malware attack has been detected downloading an extremely severe malware infection with rootkit capabilities.

