GreaseSpot Cafe

Trojan


CWF

Up to you, but Avira Antivir and Avast!, IMHO, are both better.

I had one friend wrestling with Norton, and within minutes, we had him running AVG,

and it was working better, had a smaller "footprint" in the computer, and had a more intuitive interface.

Avast! is the biggest of the 3, but is the best of the 3 (AVG, Antivir, Avast!).

You may use whatever you wish. Avast! was recommended here, and IMHO, they're correct

that it's as good as anything out there for antivirus, period.


  • 2 weeks later...
I guess that this fits in this thread.

For the last couple of days, Norton has blocked several attempts by a "QaZ" Trojan Horse to access my computer. Any ideas where it's coming from? As well as Norton, I've run SpyBot and AdAware to clean out stuff.

George

I'll give it a shot, to the limits of my limited knowledge.

I'm presuming that you mean that your firewall's reporting that a program ON your computer,

called QaZ, is trying to "dial out",

and not that your firewall is reporting that a program hosted elsewhere, called QaZ,

is trying to "dial in" to your computer.

Speak up if it's the latter.

As to nasty viruses, if your antivirus (for example, Norton) is not up to cleaning it out,

time to use something stronger. :)

Go to http://housecall.trendmicro.com/

and spend 2 hours (or less) using the online antivirus to clean out your pc.

Let me know if that doesn't do it- if not, you may need to do something

with your pc's registry and so on. But let's try the painless methods first...

(Oh, and I never heard "Norton's a great antivirus", but I'd make sure my antivirus

was completely up to date...)


The following was from the Internet Security Systems website:

Summary

Qaz trojan horse (W32.HLLW.QAZ.A). This trojan horse spreads within a network of shared computer systems, infecting the Notepad.exe file. The Qaz trojan horse will open port 7597, allowing a hacker to come along later and gain access to the infected computer.

Details

The Qaz.trojan requires a user on an infected system to open the Notepad.exe file. Although it may have originally spread as an e-mail, a download from a Web site, or through IRC chatrooms, Qaz.trojan now spreads within networks. If the user of an infected system opens Notepad, the virus is run. Qaz.trojan will look for individual systems that share a networked drive, then seeks out the Windows folder and infects the Notepad.exe file on those systems. Qaz.trojan first renames Notepad.exe to Note.com then creates the virus-infected file Notepad.exe. This new Notepad.exe has a length of 120,320 bytes. Qaz.trojan rewrites the System Registry to load itself every time the computer is rebooted. Users monitoring their open ports may notice unusual traffic on TCP port 7597 if a hacker connects to the infected computer.

How to Detect and Remove the Qaz trojan horse

Search for the Notepad.exe file within the local Windows folder. If Notepad.exe has a length of 52,000 bytes (52KB), do not delete it. This is the normal system program. However, if Notepad.exe has a length of 120,320 bytes, delete it, then search for the existence of another file called Note.com and rename that file to Notepad.exe.

Remove the following registry key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run as value StartIE=notepad.exe

Search for the above on all other machines on your network to find any other infections.

Repeat the above steps if necessary.

Interestingly, my Notepad.exe is 64k, neither 52k nor 120k. There does not seem to be a "note.com" file on my computer.

When I get time, I'll try the website WW suggested. Is it interactive? I.e., do I have to sit at the computer the whole time?

George
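
The advisory's detection steps as a read-only PowerShell check (an added example, not part of the original post or the ISS advisory). The file sizes, file names, registry value and port are taken from the advisory text; `Get-NetTCPConnection` assumes Windows 8 / Server 2012 or later.

```powershell
# Added example: read-only check for the Qaz indicators quoted in the advisory.
# Indicator values (120,320 bytes, Note.com, StartIE, TCP 7597) come from that text.
$winDir   = $env:windir
$notepad  = Join-Path $winDir 'notepad.exe'
$noteCom  = Join-Path $winDir 'note.com'
$runKey   = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$findings = @()

# 1. Notepad.exe at the infected length. Other sizes are not flagged: the clean
#    size differs between Windows versions (the poster above reports 64k).
if (Test-Path -LiteralPath $notepad) {
    $size = (Get-Item -LiteralPath $notepad).Length
    if ($size -eq 120320) {
        $findings += "notepad.exe is 120,320 bytes, the infected length"
    } else {
        Write-Host "notepad.exe is $size bytes (not the infected length)"
    }
}

# 2. The original Notepad renamed to Note.com beside it.
if (Test-Path -LiteralPath $noteCom) {
    $findings += "note.com exists in $winDir (possible renamed original Notepad)"
}

# 3. The StartIE value under the Run key (the value, not the whole key).
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run -and ($run.PSObject.Properties.Name -contains 'StartIE')) {
    $findings += "Run value StartIE = $($run.StartIE)"
}

# 4. A listener on TCP 7597, with the owning process for follow-up.
$listeners = Get-NetTCPConnection -State Listen -LocalPort 7597 -ErrorAction SilentlyContinue
foreach ($l in $listeners) {
    $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
    $findings += "TCP 7597 listening, PID $($l.OwningProcess) ($($proc.ProcessName))"
}

if ($findings.Count -eq 0) {
    Write-Host "No Qaz indicators found on $env:COMPUTERNAME"
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}
```

The script changes nothing on the machine; run it on each computer that shares a network drive, since the advisory says to search all other machines on the network.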


When I get time, I'll try the website WW suggested. Is it interactive? I.e., do I have to sit at the computer the whole time?

George

You should check every few minutes, since there will be some requests for instructions.

You'll temporarily download the widget for the antivirus, select a few options, then finish a download or something,

then you'll run the program.

Once it finds something, it will give you options of what to do with it,

and if you want it to do that with anything else it finds.

THEN you can leave it alone until it's done.

Depending on the speed of your connection (the first 1/2), and the speed of your pc and how much stuff

is in there (the 2nd 1/2), this can take up to about 2 hours, or a lot less, depending.

Edited by WordWolf

I got some kind of bug that shut down the drivers so that I couldn't get any sound. Norton missed it. My anti-spyware (TrendMicro) missed it. The Norton subscription only has 17 days to go, so I downloaded Avast!

I must say, I'm impressed - though it's not hard to impress a non-geek such as myself. :rolleyes:

The program installed easily, took care of the problem and runs continually in the background while it updates itself.

All the computers are getting this baby! :biglaugh:

Edited by doojable

  • 2 weeks later...

Funny story:

This morning, my computer wasn't working (wouldn't turn on).

Brought it to the local shop.

Turns out, the problem was a worn-out fan; computer would get hot and shut off.

Shop replaced the fan.

I bring the computer home and boot it up.

Somehow, Norton Internet Security is gone.

I now have AVG 7.5 (AntiVirus, but no firewall).

Internet Explorer 7.0 has reverted to 6.0.

Everything else seems the same (but no Blocked Senders list, since Norton's gone).

I picked up the computer just as the shop was closing, so I'll have to call tomorrow to figure out what happened.

I can, of course, re-load Norton, but maybe it would be better to upgrade AVG?

George


Turns out the repairman hates Norton and always replaces it with AVG!

And always replaces IE 7.0 with 6.0!

I appreciate initiative, but I would like to have been consulted.

They would, of course, restore my system free of charge, but I think I'll stick with AVG for a while. My Norton would have had to be renewed in a couple of weeks, anyway. And I'm fine with IE 6.0, though I didn't have any problems with 7.0, either. Assuming my Windows firewall is any good, this should work out OK.

George


Turns out the repairman hates Norton and always replaces it with AVG!

This was an improvement.

And always replaces IE 7.0 with 6.0!
This was NOT an improvement.

Microsoft frequently fixes security problems very, very late.

IE 7 has better security than 6.0, and has more functionality for websites, some of which won't render

as well under 6.0 as they do under 7.0.

Up to you as to whether you want to upgrade or not, but why aren't you using Firefox?

http://www.mozilla.com/en-US/firefox/

I appreciate initiative, but I would like to have been consulted.

They would, of course, restore my system free of charge, but I think I'll stick with AVG for a while. My Norton would have had to be renewed in a couple of weeks, anyway. And I'm fine with IE 6.0, though I didn't have any problems with 7.0, either. Assuming my Windows firewall is any good, this should work out OK.

George

Ah, you're just using the Windows internal firewall?

You're trusting MICROSOFT for your system security?

:blink:


  • 4 months later...

Hi,

My condolences for your computer problem.

I had a similar problem with my computer a few months ago.

And I had the latest version of Trend Micro Anti Virus 2007 all updated and everything, it didn't even slow this virus down! ( I was sooo mad :asdf: )

But I solved it with one quick step, but it cost me like $40: I brought it to where I bought the computer... Cheap Guys Computers of Orlando, Florida. Don't let the name fool you, they are waaaay better than Best Buy Geek Squad and other small-time computer fixers.

Took a few days but they got me totally restored with NO memory loss!

So if you live near Lake Erie, I'd suggest you ask around, and determine who in your area is a truly skilled and honest computer specialist and pay 'em, 'cause it sounds like you're in over your head and you're headed to that oh so horrible "Oh my God I'm gonna say the hell with it and delete my hard drive" moment.

PS If all else fails I'll bet Geek Squad can fix it but they might charge you more than $40.

Edited by Steveo

  • 4 weeks later...

Just wanted to pop in and say I've run AVG Free and AdAware for several years, and I'm on my 3rd computer (I keep upgrading and selling my old ones) and have NEVER had a virus do ANY damage. AVG has always caught them when they tried to get in. I also run MailWasher on my Outlook, and I can bounce spam from it without ever downloading it to my computer.
