Troj/Bckdr-QNA is a backdoor Trojan for the Windows platform, which allows a remote intruder to gain access and control over the computer.

Troj/Bckdr-QNA copies %system%\protoc.exe to %system%\Internet.exe.

The following registry entry is created to run Internet.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Internet
%System%\Internet.exe

Troj/Bckdr-QNA has the functionalities to:

  • allow a remote intruder to telnet to gain access and control over the computer.
  • stop anti-virus services and terminate anti-virus processes.
  • steal information.
  • download files
  • be a proxy.
  • hook and unhook Internet.exe.

    More information can be found at this Sophos page.