W32/Qbot

W32/Qbot Description

Win32/Qbot is a hazardous malware infection that uses harmful tricks to download other malware threats from the web. Win32/Qbot opens up firewalls and gathers confidential data, such as personal financial information. Win32/Qbot also downloads additional components before the criminals gain remote access to the compromised PC. The main goal of W32/Qbot is to place the infected computer under the control of a remote hacker. In most cases, all that Win32/Qbot achieves is enlisting the compromised machine in spam delivery, but there is always room for further manipulation, depending on the attacker's orders and on how Win32/Qbot is integrated into the computer system. Win32/Qbot is an identified security threat and should be removed immediately after it is detected on a computer system.


This Week In Malware Episode 24 Part 2: Qbot Banking Trojan Hijacking Legitimate Emails to Steal Personal Data

Technical Information

Registry Details

W32/Qbot creates the following registry entry or registry entries:
Registry key
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ XTray.exe