EngQQ2005Formal.exe and Adware Trojan

This section provides security risk information about the QQ IM client program, EngQQ2005Formal.exe, which contains some adware but is safe to use.

A few weeks ago, I downloaded the QQ IM client program QQ2005 English Standard Version, EngQQ2005Formal.exe, from http://im.qq.com/qq/mo.shtml?/download/qqe.shtml. When I installed EngQQ2005Formal.exe, I noticed an entry in the McAfee log file, OnAccessScanLog:

<date time> Deleted herong C:\temp\EngQQ2005Formal.exe 
   C:\Documents and Settings\herong\Local Settings\Temp\nsa13F.tmp
   \Setup_QQ.exe Generic.dx (Trojan)

What happened here was that, during the installation process, EngQQ2005Formal.exe created a temporary file called Setup_QQ.exe. But McAfee detected that Setup_QQ.exe contains an adware Trojan called Generic.dx. McAfee deleted Setup_QQ.exe to protect my system.

Interestingly, my installation of EngQQ2005Formal.exe finished OK and worked fine without this Setup_QQ.exe.

I also searched on the Internet for any security issues related to EngQQ2005Formal.exe and saw this Web page: http://www.browserdefender.com/file/511195/site/qq.com/. It provided a full security analysis report on EngQQ2005Formal.exe. Here is a summary of the report:

Download Analysis for EngQQ2005Formal.exe, 16,540,758 bytes

We have tested this file and found no serious problems, although extra
caution is advised.

Files created with adware risks:
%Temp%\nsl3.tmp\Setup_QQ.exe, 142,336 bytes, Adware.Agent.XUJ
%ProgramFiles%\Tencent\Adplus\scrax.dll, 56,320 bytes, Adware-TCent
%ProgramFiles%\Tencent\Adplus\SSAddr1.dll, 122,880 bytes, Adware-TCent

There were registered attempts to establish remote connection:
scdown.qq.com, Port: 1080

After reading this report, I feel more confident about using the QQ IM client, because I removed those adware-related files.
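
To confirm that the files named in the report are really gone after removal, a short script can look for them. This is an added example, not part of the original page or of any McAfee or Tencent tool; the `ns*.tmp` wildcard is an assumption based on the two different temp folder names shown above (nsa13F.tmp in the McAfee log, nsl3.tmp in the report).

```python
import glob
import os

# Paths, sizes and labels exactly as listed in the report quoted above.
# The temp folder is matched as ns*.tmp because the page shows two different
# names for it; treating the name as variable is an assumption of this example.
REPORTED = [
    (r"%Temp%\ns*.tmp\Setup_QQ.exe", 142336, "Adware.Agent.XUJ"),
    (r"%ProgramFiles%\Tencent\Adplus\scrax.dll", 56320, "Adware-TCent"),
    (r"%ProgramFiles%\Tencent\Adplus\SSAddr1.dll", 122880, "Adware-TCent"),
]


def expand(template, env):
    """Expand %Name% parts from env and build a native glob pattern."""
    parts = []
    for part in template.split("\\"):
        if len(part) > 2 and part.startswith("%") and part.endswith("%"):
            # Escape the real directory so only ns*.tmp acts as a wildcard.
            # An unknown variable stays literal and simply matches nothing.
            part = glob.escape(env.get(part[1:-1], part))
        parts.append(part)
    return os.path.join(*parts)


def find_leftovers(env):
    """Return (path, label, size_matches_report) for each reported file on disk."""
    found = []
    for template, size, label in REPORTED:
        for path in sorted(glob.glob(expand(template, env))):
            if os.path.isfile(path):
                found.append((path, label, os.path.getsize(path) == size))
    return found


if __name__ == "__main__":
    hits = find_leftovers(os.environ)
    for path, label, same_size in hits:
        note = "size matches report" if same_size else "size differs from report"
        print(f"{path}: reported as {label}, {note}")
    if not hits:
        print("None of the reported files are present.")
```

A size match is only a hint that the file is the one the report analyzed; a file with a different size at the same path still deserves a scan.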
