Techguy
November 21, 2000, 10:26 am
Trojan: TROJ_QAZ.A
--------------------------------------------------------------------------------
Aliases:
QAZ.A, Qaz.Trojan
Description:
This new backdoor Trojan allows hackers to access and control an infected system. TROJ_QAZ was initially distributed as "Notepad.exe" but might also appear with different filenames. Once an infected file is executed, TROJ_QAZ modifies the Windows registry so that it becomes active every time Windows is started. TROJ_QAZ also renames the original "notepad.exe" file to "note.com" and then copies itself as "notepad.exe" to the Windows folder. This way, the Trojan is also launched every time a user runs Notepad. TROJ_QAZ also attempts to spread itself to other shared drives on local networks. This Trojan does not mass email itself out to lists in the user's address book, and Trend suspects that it was either downloaded from a website, newsgroups, IRC or chat rooms.
Solution:
Click START|RUN
Type REGEDIT and hit the ENTER key
In the left panel, click the "+" to the left of the following:
HKEY_LOCAL_MACHINE
Software
Microsoft
Windows
CurrentVersion
Run
In the right panel, search for any registry key that contains the data value of startIE=XXXX\Notepad.exe.
In the right window, highlight the registry key that loads the file and press the DELETE key. Answer YES to delete the entry.
Exit the registry.
Click START|SHUTDOWN. Choose "Restart" and click OK.
Rename Note.com to Notepad.exe.
Scan your system with your antivirus and delete all files detected as TROJ_QAZ.A since the PC no longer runs the Trojan at startup after the associated registry entry is deleted.
------------------
Thank you for using Help From Techs Support Forums!
Please come again and remember to refer a friend to our site.
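
The registry and file checks from the solution above, written as a triage script over a text export of the registry. This is an added example, not part of the original post or of Trend's advisory; it assumes the Run key was exported from REGEDIT as a text file, and the sample export and folder listing in it are constructed.

```python
import re

RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# "notepad.exe" as a whole file name: start of data or after a backslash/quote.
NOTEPAD_RE = re.compile(r'(?:^|[\\"])notepad\.exe(?=$|[\s"])', re.IGNORECASE)

# Constructed sample export; the path stands in for the post's "XXXX".
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"startIE"="C:\\WINDOWS\\Notepad.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Setup"="C:\\WINDOWS\\Notepad.exe"
'''
# Constructed listing of the Windows folder.
SAMPLE_WINDOWS_DIR = ["EXPLORER.EXE", "NOTE.COM", "NOTEPAD.EXE", "WIN.INI"]

def _unescape(s):
    """Undo .reg escaping (\\\\ -> \\, \\" -> ")."""
    return re.sub(r'\\(.)', r'\1', s)

def run_entries(reg_text):
    """Return {value name: data} for string values under the HKLM Run key only."""
    entries, in_run = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_run = line[1:-1].lower() == RUN_KEY.lower()
        elif in_run:
            m = VALUE_RE.match(line)
            if m:
                entries[_unescape(m.group(1))] = _unescape(m.group(2))
    return entries

def suspicious_run_entries(reg_text):
    """Run entries that launch Notepad.exe at startup, as the post describes."""
    return [(n, d) for n, d in run_entries(reg_text).items() if NOTEPAD_RE.search(d)]

def notepad_was_renamed(filenames):
    """True when note.com sits beside notepad.exe in the folder listing."""
    return {"note.com", "notepad.exe"} <= {f.lower() for f in filenames}

if __name__ == "__main__":
    for name, data in suspicious_run_entries(SAMPLE_REG):
        print(f"Run entry to review: {name} = {data}")
    if notepad_was_renamed(SAMPLE_WINDOWS_DIR):
        print("note.com found beside notepad.exe: original Notepad may have been renamed")
```
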