Where to Buy Trend Micro Products

For Home

For Small Business

1-888-762-8736
(M-F 8:00am-5:00pm CST)

For Enterprise

1-877-218-7353
(M-F 8:00am-5:00pm CST)

Not in the United States?
Select the country/language of your choice:

Asia Pacific Region

Europe

The Americas

Not in the United States?
Select the country/language of your choice:

Asia/Pacific

Europe

America

Login

For Home

For Business

For Partners

Threat Encyclopedia

TROJ_QUICKTM.A

ANALYSIS BY

Kathleen Notario


PLATFORM:

Windows 98, ME, NT, 2000, XP, Server 2003

OVERALL RISK RATING:
DAMAGE POTENTIAL:
DISTRIBUTION POTENTIAL:
REPORTED INFECTION:

  • Threat Type:Trojan

  • Destructiveness:No

  • Encrypted: No

  • In the wild: Yes

OVERVIEW


This Trojan uses social engineering methods to lure users into performing certain actions that may, directly or indirectly, cause malicious routines to be performed. it makes use of a specially crafted .MOV file to download other malicious files.

To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below.

This is the Trend Micro detection for movie (.MOV) files that have been created to download other malicious files on the system.

This Trojan may be unknowingly downloaded by a user while visiting malicious websites.

TECHNICAL DETAILS

File Size:

Varies

File Type:

Other

Memory Resident:

No

Initial Samples Received Date:

30 Jul 2010

Payload:

Downloads files

Arrival Details

This Trojan may be unknowingly downloaded by a user while visiting malicious websites.

Other Details

Based on analysis of the codes, it has the following capabilities:

  • Directs users to the malicious site http://{BLOCKED}y.{BLOCKED}staller.com/0.c, which displays a fake MediaPass page where TROJ_DLOAD.QWK can be downloaded.
  • Plays the malicious .MOV file that displays a codec error message and then prompts users to download an update for the Quicktime player. Trend Micro detects the fake update as TROJ_TRACUR.SMDI.

SOLUTION

Minimum Scan Engine:

8.900

VSAPI OPR PATTERN File:

7.351.00

VSAPI OPR PATTERN Date:

31 Jul 2010

Step 1

For Windows XP and Windows Server 2003 users, before doing any scans, please make sure you disable System Restore to allow full scanning of your computer.

Step 2

Remove malware files dropped/downloaded by TROJ_QUICKTM.A

    TROJ_TRACUR.SMDI 
    TROJ_DLOAD.QWK 

Step 3

Scan your computer with your Trend Micro product to delete files detected as TROJ_QUICKTM.A. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.


Did this description help? Tell us how we did.

Connect with us on