DIQWTWIU.DLL is Trojan Click

June 26, 2012 by NightWatcher
Filed under: Malware 
: Solved!

Fix it immediately:

We checked some samples of DIQWTWIU.DLL and detected the file as a threat.
Remove the DIQWTWIU.DLL file from your computer right now.
Removal tool: http://www.unhackme.com

Malware Analysis of DIQWTWIU.DLL
Full path on a computer: %SysDir%\diqwtwiu.dll

Detected by UnHackMe:

DIQWTWIU.DLL
Default location: %SysDir%\diqwtwiu.dll

Removal Results: Success
Number of reboots: 1

DIQWTWIU.DLL is known as:

Trojan.Click

DIQWTWIU.DLL hash:

  • MD5: fb8e88656a2319f4243d5539e8b1c9ac

The file is used to download and install other malware, Trojans, and viruses on commands received from the Command Center.

How to quickly detect the presence of DIQWTWIU.DLL?

Registry:
  • HKLM\Software\Classes\CLSID\{0B129884-0F69-B02F-2C4A-F42D723D8D77}\InprocServer32\: “c:\windows\system32\diqwtwiu.dll”
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched: “%AllUsersProfile%\svchost.exe”
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Run\AutoStart: “%Profile%\4txa.exe”
  • HKLM\System\CurrentControlSet\Services\loeuuxly\Parameters\ServiceDll: “%SysDir%\diqwtwiu.dll”
  • HKLM\System\CurrentControlSet\Services\loeuuxly\DisplayName: “Microsoft Composite Battery Helper”
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\guaqod: “%Profile%\guaqod.exe /v”
  • HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\: “\\.\globalroot\systemroot\Installer\{b191330c-415d-5883-57c7-9de300728739}\n.”
  • HKLM\System\CurrentControlSet\Services\sr\ImagePath: “system32\DRIVERS\sr.sys”

Folders:
  • %Local Appdata%\{b191330c-415d-5883-57c7-9de300728739}
  • %Local Appdata%\{b191330c-415d-5883-57c7-9de300728739}\L
  • %Local Appdata%\{b191330c-415d-5883-57c7-9de300728739}\U
  • %WinDir%\Installer\{b191330c-415d-5883-57c7-9de300728739}
  • %WinDir%\Installer\{b191330c-415d-5883-57c7-9de300728739}\L
  • %WinDir%\Installer\{b191330c-415d-5883-57c7-9de300728739}\U

Files:
  • %Local Appdata%\{b191330c-415d-5883-57c7-9de300728739}\@
  • %Local Appdata%\{b191330c-415d-5883-57c7-9de300728739}\n
  • %Profile%\1txa.exe
  • %Profile%\3txa.exe
  • %Profile%\4txa.exe
  • %Profile%\5txa.exe
  • %Profile%\fuulos.com
  • %Profile%\guaqod.exe
  • %Profile%\jeaem.exe
  • %Profile%\qoevit.com
  • %Profile%\start1.exe
  • %Common Appdata%\common.data
  • %AllUsersProfile%\svchost.exe
  • %WinDir%\Installer\{b191330c-415d-5883-57c7-9de300728739}\@
  • %WinDir%\Installer\{b191330c-415d-5883-57c7-9de300728739}\n
  • %WinDir%\Installer\{b191330c-415d-5883-57c7-9de300728739}\U\00000001.@
  • %WinDir%\Installer\{b191330c-415d-5883-57c7-9de300728739}\U\80000000.@
  • %WinDir%\Installer\{b191330c-415d-5883-57c7-9de300728739}\U\800000cb.@
  • %SysDir%\Restore\MachineGuid.txt
  • %SysDir%\diqwtwiu.dll
  • %WinDir%\Tasks\At1.job
  • %WinDir%\Tasks\At2.job

Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

Written by Malware Hunter.
