Trojan Qt/Waick.A plus unknown file in StartUp menu

View previous topic View next topic Go down

Trojan Qt/Waick.A plus unknown file in StartUp menu

Post by JetAviator7 on Fri May 13, 2011 3:05 pm

The Trojan horse was detected by MicroSoft Security Essentials as: TrojanDownloader:QT/Waick.A

I also have an unknown file I found in my Settings> Control Panel>Startup file: C:\Documents and Settings\JOHN\Local Settings\Application Data\bdtklkneu\yjvprhhtssd.exe

I tried to copy/paste the OTL.txt file here, but I received a message that it was too long, so I am attaching the files as zip files.

Thank you,

John

JetAviator7
Intermediate
Intermediate

Posts Posts : 59
Joined Joined : 2010-06-24
OS OS : Windows XP
Points Points : 24296
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan Qt/Waick.A plus unknown file in StartUp menu

Post by Belahzur on Fri May 13, 2011 8:25 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Trojan Qt/Waick.A plus unknown file in StartUp menu

Post by JetAviator7 on Sat May 14, 2011 1:21 am

Ok, I followed your instructions and I have attached the log.txt file.

Let me know what is next.

Thanks,

John

JetAviator7
Intermediate
Intermediate

Posts Posts : 59
Joined Joined : 2010-06-24
OS OS : Windows XP
Points Points : 24296
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan Qt/Waick.A plus unknown file in StartUp menu

Post by JetAviator7 on Sat May 14, 2011 1:52 am

Now I have found another Trojan Win32/Tracur.Q

The Qt/Waick.A appears to be gone.

What now?

John

JetAviator7
Intermediate
Intermediate

Posts Posts : 59
Joined Joined : 2010-06-24
OS OS : Windows XP
Points Points : 24296
# Likes # Likes : 0

View user profile

Back to top Go down

Additional Files Located In My Computer

Post by JetAviator7 on Sat May 14, 2011 12:16 pm

This morning I noticed the following 2 programs:

C:\WINDOWS\system32\ishlpr.exe

C:|WINDOWS\system\mosync32.exe

Could these be causing some of my problems? What seems to happen is that after a short period of time I can no longer access the internet.

Thanks,

John

JetAviator7
Intermediate
Intermediate

Posts Posts : 59
Joined Joined : 2010-06-24
OS OS : Windows XP
Points Points : 24296
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan Qt/Waick.A plus unknown file in StartUp menu

Post by Belahzur on Sat May 14, 2011 3:40 pm

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    KILLALL::

    File::
    c:\windows\mswng300wow.exe
    c:\windows\system32\1518485383
    c:\windows\system32\docprop232.dll
    c:\windows\kbdsmsfiwow.exe
    c:\windows\system32\sbbd.exe
    c:\windows\system32\4.tmp
    c:\windows\system32\dnsapi32.exe
    c:\documents and settings\JOHN\ekqbbedghp.tmp
    c:\windows\system32\unrar.exe
    c:\windows\system32\73.tmp
    c:\windows\system32\mobsync32.exe
    c:\windows\system32\iashlpr32.exe
    c:\windows\system32\dnsrslvr32.exe
    c:\windows\system32\atmfd32.dll
    c:\windows\iwexec.exe

    Folder::
    c:\windows\system32\B2F070914FBDEC827D6D450D1DBE26A9

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0073E72C-28BE-4CD9-810C-9C0906572E3e}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "kbdsmsfiwow.exe"=-
    "mswng300wow.exe"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\iashlpr32.exe"=-
    "c:\\WINDOWS\\system32\\73.tmp"=-
    "c:\\WINDOWS\\system32\\4.tmp"=-
    "c:\\WINDOWS\\kbdsmsfiwow.exe"=-
    "c:\\WINDOWS\\mswng300wow.exe"=-

    Driver::
    UPS32

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride = <local>;*.local
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Step Completed - What's next?

Post by JetAviator7 on Sat May 14, 2011 5:59 pm

I have attached the file ComboFix.txt.

It also created another log.txt file - do you want that as well?

Thanks,

John

JetAviator7
Intermediate
Intermediate

Posts Posts : 59
Joined Joined : 2010-06-24
OS OS : Windows XP
Points Points : 24296
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan Qt/Waick.A plus unknown file in StartUp menu

Post by Belahzur on Sat May 14, 2011 6:04 pm

Hello.
The malware tried to make more malware, so were gonna need to use another CFScript run, and we'll remove the AVG leftovers as well.

Completely Uninstall AVG software

Download and run avgremover.exe

For 32-Bit, Download: [You must be registered and logged in to see this link.]




  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    KILLALL::

    File::
    c:\windows\system32\5.tmp

    Folder::
    c:\documents and settings\JOHN\Application Data\LimeWire

    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\5.tmp"=-
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Trojan Qt/Waick.A plus unknown file in StartUp menu

Post by JetAviator7 on Sat May 14, 2011 6:58 pm

I did exactly as you asked. I used the avgremover.exe, but I notice when I look at Start > Programs > is till shows both AVG2011 and AVG Free Edition folders.

I don't know how to get rid of those.

Next, I uninstalled the Microsoft Security Essentials program.

Attached find the C:|ComboFix.txt file.

Thanks for all the hard work.

John

JetAviator7
Intermediate
Intermediate

Posts Posts : 59
Joined Joined : 2010-06-24
OS OS : Windows XP
Points Points : 24296
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan Qt/Waick.A plus unknown file in StartUp menu

Post by Belahzur on Sun May 15, 2011 3:18 pm

Hello.
Please re-install MSE, you need an antivirus, AVG had leftover so just wanted to remove them.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

ESET Online Scanner Log.txt

Post by JetAviator7 on Sun May 15, 2011 8:00 pm

OK, I have completed this scan and have attached the log.txt file.

What do I do next?

Thanks,

John

JetAviator7
Intermediate
Intermediate

Posts Posts : 59
Joined Joined : 2010-06-24
OS OS : Windows XP
Points Points : 24296
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan Qt/Waick.A plus unknown file in StartUp menu

Post by Belahzur on Sun May 15, 2011 9:25 pm

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Please download CKScanner by askey127 from [You must be registered and logged in to see this link.]
Save it to your desktop.

  • Doubleclick CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Trojan Qt/Waick.A plus unknown file in StartUp menu

Post by JetAviator7 on Sun May 15, 2011 10:20 pm

Done, and here are the contents of the ckfiles.txt file:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\windows\fonts\crackman.ttf
scanner sequence 3.AP.11
----- EOF -----

Next?

Thanks,

John

JetAviator7
Intermediate
Intermediate

Posts Posts : 59
Joined Joined : 2010-06-24
OS OS : Windows XP
Points Points : 24296
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan Qt/Waick.A plus unknown file in StartUp menu

Post by Belahzur on Sun May 15, 2011 10:23 pm

Hello.
Just updates to do.

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Trojan Qt/Waick.A plus unknown file in StartUp menu

Post by JetAviator7 on Sun May 15, 2011 10:29 pm

Here you go:

Adobe Acrobat 8.1.2 Professional
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Reader X (10.0.1)
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Advanced DVD Player
Affiliate Link Cloaker
Affiliate Organizer 2.0
Amazon Kindle For PC
Anark Client 3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
Bonjour
CamStudio
Camtasia Studio 5
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities RemoteCapture 2.7
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Carbonite
CCleaner
ClickArt Fonts 4
Corel WinDVD 2010
Creative WebCam Center
Creative WebCam Live! Ultra Driver (1.01.03.0127)
Creative WebCam Live! Ultra User's Guide (English)
Digital Media Converter Pro 3.2
Domain Samurai
Domain Samurai
Dragon NaturallySpeaking 10
Easy Thumbnails (Remove only)
EH103 Wireless G USB Adapter
EH103 Wireless G USB Adapter
ESET Online Scanner v3
Evernote v. 4.1
Face to Face Global™ 6.1.0.42
Files Zipper
First Step Guide
Google AdWords Editor
Google Desktop
Google Gears
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB961118)
HP Image Zone 4.7
HP PSC & OfficeJet 4.7
HP Software Update
HPCarePackProducts
IBP & ARELIS 9.5.1
ImageMixer 3 SE
ImageMixer VCD2
InBoxer for Outlook 2.0
iTunes
iWisoft Flash SWF to Video Converter 3.4
Java(TM) 6 Update 21
LAME v3.98.2 for Audacity
Macromedia Contribute 3.11
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Market Samurai
Market Samurai
MenuMachine 2.2.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office FrontPage 2003
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook 2007
Microsoft Office Outlook 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio Professional 2003
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 4.0.1 (x86 en-US)
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MyVideoConverter 2.38
NoteTab Light (Remove only)
NVIDIA Drivers
OptiTools
QODBC Driver
QuickBooks Pro 2006
Quicken 2003 Premier
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek AC'97 Audio
RealUpgrade 1.1
RecordNow!
Revo Uninstaller Pro 2.5.3
Safari
Samson SoftPre
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SmartFTP Client
SnagIt 8
Snagit 9.1.3
SONAR 6 LE
Sony Digital Voice Editor 3
Sony USB Driver
Stardust Wallpaper Packager 2003 (1.0.0.5)
Suite Specific
TC Web Conferencing
TheBestSpinner
TweetDeck
TweetDeck
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Outlook 2007 Junk Email Filter (KB2536413)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Vegas Movie Studio Platinum 9.0
VIA Platform Device Manager
VIA Rhine-Family Fast Ethernet Adapter
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ Runtime for Dragon NaturallySpeaking
WD Diagnostics
Web CEO 6.5
Webshots Desktop
Windows Installer Clean Up
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Search 4.0
Windows XP Service Pack 3
Yahoo! SiteBuilder
Yahoo! Toolbar

Next?

JetAviator7
Intermediate
Intermediate

Posts Posts : 59
Joined Joined : 2010-06-24
OS OS : Windows XP
Points Points : 24296
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan Qt/Waick.A plus unknown file in StartUp menu

Post by Belahzur on Sun May 15, 2011 10:46 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Java(TM) 6 Update 21

Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u25-windows-i586.exe that you downloaded to install the newest version.


How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Trojan Qt/Waick.A plus unknown file in StartUp menu

Post by JetAviator7 on Sun May 15, 2011 11:07 pm

The machine is running better than it has in some time. I really appreciate your help.

Is there anything else I need to do?

If not, many thanks and I will leave a donation - you guys are the greatest!

John

JetAviator7
Intermediate
Intermediate

Posts Posts : 59
Joined Joined : 2010-06-24
OS OS : Windows XP
Points Points : 24296
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan Qt/Waick.A plus unknown file in StartUp menu

Post by Belahzur on Mon May 16, 2011 11:09 am

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware

  • [You must be registered and logged in to see this link.]
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found [You must be registered and logged in to see this link.].
  • [You must be registered and logged in to see this link.].
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).

NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
[You must be registered and logged in to see this link.]

Securing your computer

  • [You must be registered and logged in to see this link.] - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • [You must be registered and logged in to see this link.] replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.

Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:
Thank you for choosing GeekPolice. [You must be registered and logged in to see this link.]


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum