QTPLUGIN.EXE

File Behavior

QTPLUGIN.EXE has been seen to perform the following behavior:

• Found on infected systems and resists interrogation by security products
• Can Send email using SMTP protocols
• This Process sends MIME Email
• Hijacks your email account which could allow email to be sent in your name
• Adds a Registry Key (RUN) to auto start Programs on system start up
• This Process Deletes Other Processes From Disk
• This process creates other processes on disk
• Can communicate with other computer systems using HTTP protocols
• Sends email using SMTP protocols
• Registers a Dynamic Link Library File
• The Process is packed and/or encrypted using a software packing process
• Executes Processes stored in Temporary Folders
• Writes to another Process's Virtual Memory (Process Hijacking)
• Executes a Process
• Injects code into other processes
• Performs DNS look ups to resolve URL IP addresses
• Creates, registers ot modifies and SMTP Server
• Creates a new Background Service on the machine
• Loads and Executes a System Driver File
• Creates system tray popups, messages, errors and security warnings
• Uses DNS to retrieve the IP address for web sites
• Registers Start Of Authority configuration settings for email servers
• Registers or amends SMTP Mail Servers on the public internet

QTPLUGIN.EXE has been the subject of the following behavior:

• Added as a Registry auto start to load Program on Boot up
• Created as a process on disk
• Executed as a Process
• Executed from Temporary Folders
• Has code inserted into its Virtual Memory space by other programs
• Terminated as a Process
• Registered as a Dynamic Link Library File