[KeyLogger.Qmexil.121815219] is a KeyLogger and it induces users to download it from P2P site or blog. 

[PIC 1] Executing Feature

[PIC 2] Injecting Feature

<Related Malicious Code>

Backdoor.Win32.Pcclient.102296

<File>

[KeyLogger.Qmexil.121815219] creates files like below.

(Programs Folder)\222.exe

(System Folder)\0005248b.ini

(System Folder)\(Random Name).DLl

(System Folder)\(Random Name).key

(Root Folder)\google1.log

<Registry>

[KeyLogger.Qmexil.121815219] creates registry like below.

HKLM\SYSTEM\CurrentControlSet\Services\qmexil

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QMEXIL

HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_QMEXIL

HKLM\SYSTEM\ControlSet001\Services\qmexil

HKLM\SYSTEM\ControlSet002\Services\qmexil

HKLM\SYSTEM\ControlSet003\Services\qmexil

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion SvcHost

Name: qmexil

Value: qmexil

<Notation>

- "(Programs Folder)" could be different by OS and generally this is "C:\Program Files".

- "(System Folder)" could be different by OS and generally this is "C:\Windows\System32".

[How to repair]

1. If you are WinXP/ME users, please be inactivate System Recovery Function.
The reason why being inactivate of the system recovery is to clean the virus completely.
You can refer to MS technical documents(Q263455) for more details.

2. Update the engine module for the latest one.
To repair this virus, you need to update the engine for the latest one.

a. ViRobot products users
-Download the latest engine files via our website (www.hauri.net)

b. Non-ViRobot products users
- Use the LiveCall (Free Scan) via the website (http://www.livecall.co.kr)
- Use the trial version of ViRobot products (30days only)

3. How to scan the virus.

a. Run your ViRobot, and choose all files in scan option.
- ViRobot Desktop 5.x : [Tools] -> [Configuration] -> [Spyware/Adware Scan] : Check all files
- LiveCall (Free Scan) : [Advanced Scan] : Check

b. Repair all viruses detected.