W32.Qudos


Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: N/A
Geographical info: North America
Removal: N/A
Platform: W32
Discovered: 19 Jul 2002
Damage: N/A

Characteristics: W32.Qudos is an encrypted Win32 virus. It infects Windows Portable Executable (PE) files that have one of the following extensions: .exe, .dll, or .ocx. It infects these files if they are in the same folder as the virus or in the Windows folder.

More details about W32.Qudos

The virus is a slow infector: whenever it runs, it infects at most 20 PE files in each of the two folders, and each file has a 15% chance of being infected. When an infected program is executed, the virus gets control of the system. It randomly chooses Windows Portable Executable (PE) files with the extensions .exe, .dll, or .ocx that are in the same folder as the virus or in the Windows folder. It infects each file only once: to see whether a file is already infected, it looks for a "Quds" string near the entry point. If the file is not yet infected, the virus appends its encrypted body to the last section of the host file, changes the entry point of the host file to the viral body in that last section, and marks the section "is executable" and "contains code."
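
A triage check for the infection traits described above, as an added example that is not part of the original write-up or any vendor's detection logic: it parses the PE headers and reports whether the entry point falls in the last section, whether that section is flagged as code and executable, and whether "Quds" appears near the entry point. The function names, the 64-byte search window and the two sample images are assumptions constructed for illustration.

```python
import struct

CNT_CODE, MEM_EXECUTE = 0x00000020, 0x20000000  # IMAGE_SCN_* section flags
MARKER = b"Quds"  # infection marker named in the description
WINDOW = 64       # assumption: the page does not say how near "near" is

def qudos_traits(data):
    """Return which traits from the description a PE image shows."""
    try:
        pe, = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
        if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
            return set()
        nsec, = struct.unpack_from("<H", data, pe + 6)       # NumberOfSections
        opt_size, = struct.unpack_from("<H", data, pe + 20)  # SizeOfOptionalHeader
        entry, = struct.unpack_from("<I", data, pe + 40)     # AddressOfEntryPoint
        if nsec == 0:
            return set()
        last = pe + 24 + opt_size + 40 * (nsec - 1)          # last section header
        vsize, vaddr, rsize, raw = struct.unpack_from("<4I", data, last + 8)
        flags, = struct.unpack_from("<I", data, last + 36)   # Characteristics
    except struct.error:                                     # truncated headers
        return set()
    traits = set()
    if flags & CNT_CODE and flags & MEM_EXECUTE:
        traits.add("last_section_code_exec")
    if vaddr <= entry < vaddr + max(vsize, rsize):
        traits.add("entry_in_last_section")
        off = raw + (entry - vaddr)                          # entry point file offset
        if MARKER in data[max(0, off - WINDOW):off + WINDOW]:
            traits.add("marker_near_entry")
    return traits

def build_sample(entry, last_flags, body=b""):
    """Constructed image: headers plus filler bytes, no real code."""
    def sec(name, vaddr, raw, flags):
        return struct.pack("<8sIIIIIIHHI", name, 0x200, vaddr, 0x200, raw,
                           0, 0, 0, 0, flags)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry).ljust(0xE0, b"\0")
    hdr = dos + coff + opt + sec(b".text", 0x1000, 0x400, 0x60000020) \
        + sec(b".rsrc", 0x2000, 0x600, last_flags)
    return hdr.ljust(0x600, b"\0") + body.ljust(0x200, b"\0")

CLEAN = build_sample(0x1000, 0x40000040)    # entry in .text, last section is data
SUSPECT = build_sample(0x2010, 0xE0000020, b"\0" * 0x18 + MARKER)
if __name__ == "__main__":
    print("clean:  ", sorted(qudos_traits(CLEAN)))
    print("suspect:", sorted(qudos_traits(SUSPECT)))
```

Packers and protectors also place the entry point in an executable last section, so the first two traits on their own are a reason for closer inspection rather than a verdict.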

The W32.Qint@mm program downloads files to the infected computer. These files may contain instructions to be executed without the user's consent, which can include disabling security features. This allows the W32.Qint@mm application to run without being detected. The software may also monitor the user's activities, and system information may be sent to the remote server. Unauthorized users can use the IP address, computer name, and operating system to send compatible malware programs.