Windows Security Tutorials - Herong's Tutorial Examples - Version 3.00, by Dr. Herong Yang
EngQQ2005Formal.exe and Adware Trojan
This section provides security risk information about the QQ IM client program, EngQQ2005Formal.exe, which contains some adware but is safe to use.
A few weeks ago, I downloaded the QQ IM client program QQ2005 English Standard Version, EngQQ2005Formal.exe, from http://im.qq.com/qq/mo.shtml?/download/qqe.shtml. When I installed EngQQ2005Formal.exe, I noticed an entry in the McAfee log file, OnAccessScanLog:
<date time> Deleted herong C:\temp\EngQQ2005Formal.exe C:\Documents and Settings\herong\Local Settings\Temp\nsa13F.tmp \Setup_QQ.exe Generic.dx (Trojan)
What happened here was that, during the installation process, EngQQ2005Formal.exe created a temporary file called Setup_QQ.exe. But McAfee detected that Setup_QQ.exe contains an adware Trojan called Generic.dx. McAfee deleted Setup_QQ.exe to protect my system.
Interestingly, my installation of EngQQ2005Formal.exe finished OK and worked fine without this Setup_QQ.exe.
I also searched on the Internet for any security issues related to EngQQ2005Formal.exe and saw this Web page: http://www.browserdefender.com/file/511195/site/qq.com/. It provided a full security analysis report on EngQQ2005Formal.exe. Here is a summary of the report:
Download Analysis for EngQQ2005Formal.exe, 16,540,758 bytes

We have tested this file and found no serious problems, although extra caution is advised.

Files created with adware risks:
%Temp%\nsl3.tmp\Setup_QQ.exe, 142,336 bytes, Adware.Agent.XUJ
%ProgramFiles%\Tencent\Adplus\scrax.dll, 56,320 bytes, Adware-TCent
%ProgramFiles%\Tencent\Adplus\SSAddr1.dll, 122,880 bytes, Adware-TCent

There were registered attempts to establish remote connection:
scdown.qq.com, Port: 1080
After reading this report, I feel more confident about using the QQ IM client, because I removed those adware-related files.
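One way to confirm that the files listed in the report summary are absent after removal is shown below. This is an added example, not part of the original tutorial. The names find_reported_files, demo and the roots mapping are hypothetical, and the directory tree scanned in demo is constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Files named in the report summary above: (root variable, relative pattern,
# reported size in bytes, reported label). The temp subdirectory is wildcarded
# because its name differs between the report (nsl3.tmp) and the McAfee log
# entry (nsa13F.tmp).
REPORTED = [
    ("Temp", "ns*.tmp/Setup_QQ.exe", 142336, "Adware.Agent.XUJ"),
    ("ProgramFiles", "Tencent/Adplus/scrax.dll", 56320, "Adware-TCent"),
    ("ProgramFiles", "Tencent/Adplus/SSAddr1.dll", 122880, "Adware-TCent"),
]

def find_reported_files(roots):
    """Return (path, label, size_matches_report) for each reported file found.

    roots maps "Temp" and "ProgramFiles" to the directories to search.
    """
    hits = []
    for var, pattern, size, label in REPORTED:
        for path in sorted(Path(roots[var]).glob(pattern)):
            if path.is_file():
                hits.append((str(path), label, path.stat().st_size == size))
    return hits

def demo():
    """Scan a constructed directory tree; no real system paths are touched."""
    with tempfile.TemporaryDirectory() as d:
        temp, pf = Path(d, "Temp"), Path(d, "Program Files")
        (temp / "nsa13F.tmp").mkdir(parents=True)
        (temp / "nsa13F.tmp" / "Setup_QQ.exe").write_bytes(b"\0" * 142336)
        (pf / "Tencent" / "Adplus").mkdir(parents=True)
        # Same name as in the report but a different size: flagged as a mismatch.
        (pf / "Tencent" / "Adplus" / "scrax.dll").write_bytes(b"\0" * 100)
        found = find_reported_files({"Temp": temp, "ProgramFiles": pf})
        return [(Path(p).name, label, ok) for p, label, ok in found]

if __name__ == "__main__":
    print("constructed tree:", demo())
    roots = {"Temp": os.environ.get("TEMP", tempfile.gettempdir()),
             "ProgramFiles": os.environ.get("ProgramFiles", r"C:\Program Files")}
    for path, label, size_ok in find_reported_files(roots):
        note = "size matches report" if size_ok else "size differs from report"
        print(f"{path}: {label} ({note})")
```

An empty result means none of the reported file names were found under the given roots. A size mismatch only means the file differs from the one the report analyzed.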
Last update: 2006.