Adware.Qidion

Updated: February 13, 2007 11:43:11 AM
Type: Adware
Version: 1.0.0.4
Publisher: www.qidion.com
Risk Impact: Medium
File Names: qi32.dll
Systems Affected: Windows 2000, Windows 98, Windows CE, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Adware.Qidion is installed, it does the following:
  1. Contacts www.qidion.com to update itself to the latest version.

  2. Downloads the following files:

    • %Windir%\Downloaded Program Files\qi32.dll
    • %Windir%\Downloaded Program Files\nav2.bmp
    • %Windir%\Downloaded Program Files\logo2.bmp
    • %Windir%\Downloaded Program Files\viagra.bmp
    • %Windir%\Downloaded Program Files\go_search.bmp
    • %Windir%\Downloaded Program Files\777.bmp
    • %Windir%\Downloaded Program Files\usagold.bmp

      Note: %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.

  3. Creates the following registry keys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3789CBF0-C4CA-4e98-B93B-22ACF0587FBA}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7B9A715E-9D87-4C21-BF9E-F914F2FA953F}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8D038F3D-7A31-42FA-8233-EDF3DDD9FC25}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Pugi.PugiObj
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Pugi.PugiObj.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\qidionqidion
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3789CBF0-C4CA-4e98-B93B-22ACF0587FBA}
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{3789CBF0-C4CA-4e98-B93B-22ACF0587FBA}
    HKEY_CURRENT_USER\Software\qidion
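
The following read-only PowerShell check for the files and registry keys listed above is an added example, not part of the original writeup. The function name Test-RegistryArtifact is hypothetical. Because Internet Explorer registers toolbars as values named by CLSID under its Toolbar keys, the script also looks for a value with the listed name when no key of that name exists.

```powershell
# Added example: presence check for the Adware.Qidion artifacts in this writeup.
# It only reads the file system and registry; it changes nothing.
$dropDir = Join-Path $env:windir 'Downloaded Program Files'
$files = 'qi32.dll','nav2.bmp','logo2.bmp','viagra.bmp','go_search.bmp','777.bmp','usagold.bmp'

# Registry paths copied verbatim from the list above.
$keys = @(
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3789CBF0-C4CA-4e98-B93B-22ACF0587FBA}'
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7B9A715E-9D87-4C21-BF9E-F914F2FA953F}'
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8D038F3D-7A31-42FA-8233-EDF3DDD9FC25}'
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Pugi.PugiObj'
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Pugi.PugiObj.1'
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\qidionqidion'
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3789CBF0-C4CA-4e98-B93B-22ACF0587FBA}'
    'HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{3789CBF0-C4CA-4e98-B93B-22ACF0587FBA}'
    'HKEY_CURRENT_USER\Software\qidion'
)

# Hypothetical helper: returns 'key', 'value', or $null for one listed path.
function Test-RegistryArtifact {
    param([string]$Path)
    # -LiteralPath keeps the braces and dots in the path from being interpreted.
    if (Test-Path -LiteralPath "Registry::$Path") { return 'key' }
    # Fallback: the last segment may be a value name under the parent key.
    $cut = $Path.LastIndexOf('\')
    $parent = Get-Item -LiteralPath ('Registry::' + $Path.Substring(0, $cut)) -ErrorAction SilentlyContinue
    if ($parent -and ($parent.GetValueNames() -contains $Path.Substring($cut + 1))) { return 'value' }
    return $null
}

$hits = @()
foreach ($name in $files) {
    $p = Join-Path $dropDir $name
    if (Test-Path -LiteralPath $p) { $hits += [pscustomobject]@{ Type = 'file'; Artifact = $p } }
}
foreach ($k in $keys) {
    $kind = Test-RegistryArtifact -Path $k
    if ($kind) { $hits += [pscustomobject]@{ Type = "registry $kind"; Artifact = $k } }
}

if ($hits.Count -eq 0) { 'No artifacts from the Adware.Qidion list were found.' }
else { $hits | Format-Table -AutoSize -Wrap }
```

The HKEY_CURRENT_USER entries are checked only for the account running the script, so run it once per user profile of interest.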

