TROJ_QUICKTM.A
Windows 98, ME, NT, 2000, XP, Server 2003
Threat Type: Trojan
Destructiveness: No
Encrypted: No
In the wild: Yes
OVERVIEW
This Trojan uses social engineering methods to lure users into performing certain actions that may, directly or indirectly, cause malicious routines to be performed. it makes use of a specially crafted .MOV file to download other malicious files.
To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below.
This is the Trend Micro detection for movie (.MOV) files that have been created to download other malicious files on the system.
This Trojan may be unknowingly downloaded by a user while visiting malicious websites.
TECHNICAL DETAILS
Arrival Details
This Trojan may be unknowingly downloaded by a user while visiting malicious websites.
Other Details
Based on analysis of the codes, it has the following capabilities:
- Directs users to the malicious site http://{BLOCKED}y.{BLOCKED}staller.com/0.c, which displays a fake MediaPass page where TROJ_DLOAD.QWK can be downloaded.
- Plays the malicious .MOV file that displays a codec error message and then prompts users to download an update for the Quicktime player. Trend Micro detects the fake update as TROJ_TRACUR.SMDI.
SOLUTION
Step 1
For Windows XP and Windows Server 2003 users, before doing any scans, please make sure you disable System Restore to allow full scanning of your computer.
Step 2
Remove malware files dropped/downloaded by TROJ_QUICKTM.A
- TROJ_TRACUR.SMDI
Step 3
Scan your computer with your Trend Micro product to delete files detected as TROJ_QUICKTM.A. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.
Did this description help? Tell us how we did.