TROJ_DLOAD.QYUA

TROJ_DLOAD.QYUA is a Trojan that's been observed to be installed via JavaScript and Windows Media-based vulnerabilities that are triggered by an initial midi file. Although the full extent of possibilities for TROJ_DLOAD.QYUA's attacks hasn't yet been analyzed, SpywareRemove.com malware researchers warn that TROJ_DLOAD.QYUA has been known to include rootkit techniques, advanced means of avoiding detection, concealed launches of web browser instances to conduct future attacks and even targeted attacks against common brands of PC security software. Avoiding suspicious websites is the easiest method of preventing your computer from getting infected by TROJ_DLOAD.QYUA, although if you do suspect that TROJ_DLOAD.QYUA has been installed, you should strive to disable TROJ_DLOAD.QYUA and then delete TROJ_DLOAD.QYUA with any anti-malware program that you feel is up to the task.

The First Verse in TROJ_DLOAD.QYUA's Software-Destroying Melody

Although TROJ_DLOAD.QYUA may also be delivered by other methods, the standard means of installation for TROJ_DLOAD.QYUA makes use of a malicious midi file (a simplistic music file format) to exploit vulnerabilities in Windows Media programs, which can, in turn, be used to trigger JavaScript exploits that, finally, install an encrypted form of TROJ_DLOAD.QYUA. Encryption methods and other defensive measures by TROJ_DLOAD.QYUA may prevent your anti-malware software from detecting TROJ_DLOAD.QYUA, although having recent threat databases and constantly active security software can raise your chances of finding TROJ_DLOAD.QYUA before TROJ_DLOAD.QYUA can cause real damage to your PC.

SpywareRemove.com malware analysts warn that TROJ_DLOAD.QYUA's installation is concealed and that you may not see any sign of TROJ_DLOAD.QYUA's presence – although the delivery method described above does require the playing of a midi file, as well as the presence of JavaScript on your computer; however, the Windows Media half of this vulnerability has been corrected by official patches and keeping Windows up-to-date with patches will prevent this method of TROJ_DLOAD.QYUA installation. Windows systems XP Service Pack 2, Windows XP Service Pack 3, Windows Vista Service Pack 2, Windows Server 2003 Service Pack 2 and Windows Server 2008 Service Pack 2 operating systems are all vulnerable to this exploit.

Getting TROJ_DLOAD.QYUA Before It Can Get Your PC

TROJ_DLOAD.QYUA has been described as having a 'serious payload' and may be used to install other types of PC threats, open a backdoor on your computer or cause a variety of different issues. SpywareRemove.com malware experts have noted the following functions, in particular, all of which take place out of sight to reduce TROJ_DLOAD.QYUA's chances of being noticed:

• Rootkit features from related PC threats, such as RTKT_MDIEXP.QYUA, that allow TROJ_DLOAD.QYUA to embed itself into the default boot process for your PC. This may also allow TROJ_DLOAD.QYUA to restore itself from partial deletion or launch itself even in Safe Mode. According to TROJ_DLOAD.QYUA's default behavior, RTKT_MDIEXP.QYUA is only dropped and launched if it detects files that are related to certain programs, such as REMon, ComBack 7 IR Pro or RISE Program Launcher JV.
• TROJ_DLOAD.QYUA can open a hidden instance of Internet Explorer; in addition to using up RAM and other system resources, this window may also be abused to make other attacks against your PC.
• The backdoor Trojan BKDR_EAYLA.QYUA may also be downloaded and installed, although this depends on configuration instructions that TROJ_DLOAD.QYUA receives from external servers.
• Most damningly, SpywareRemove.com malware researchers warn that TROJ_DLOAD.QYUA has been known to attack unrelated programs by modifying their privileges; this can make such programs inaccessible. Targeted programs can include APO Access Service, AlYac, Naver Vaccine, NHN Anti-Virus Scanner Service, Nsavsvc, V3 Light Framework and V3 Lite.

TROJ_DLOAD.QYUA-hosting HTML pages can be identified by the label HTML_EXPLT.QYUA.

Technical Details