QDel297

Type: Trojan
SubType: File Deletion
Discovery Date: 11/13/2002
Length: EXE: 29,696 bytes; BAT: 54 bytes
Minimum DAT: 4234 (11/20/2002)
Updated DAT: 4239 (12/23/2002)
Minimum Engine: 5.1.00
Description Added: 11/13/2002
Description Modified: 11/13/2002 9:03 AM (PT)

Risk Assessment
Corporate User: Low
Home User: Low

Characteristics

This trojan, written in Visual Basic, drops an AUTOEXEC.BAT file and forces the victim machine to restart. On restart, the dropped AUTOEXEC.BAT file runs and displays the following string:

     subnix owns you

The batch file then attempts to delete all files from the system drive using the system tool DELTREE.EXE (with confirmations suppressed).

The indicated DATs detect the EXE as QDel297.dr, and the BAT as QDel297.

Symptoms

Missing files from the machine.

Method of Infection

When the executable is run on the machine, AUTOEXEC.BAT is dropped (overwriting any existing file) and the machine is restarted.

Removal

All Users:
Use specified engine and DAT files for detection and removal.

Additional Windows ME/XP removal considerations

Variants

    N/A

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.
