qkm.exe , herss.exe
Files size 93.5 KB (95,744 bytes)
MD5: 652FA41E1F599F3AFBD88B1D01F28241
SHA-1: 0DF2874A9D44873D7EF038F48C20CC229D7B447C
=======================================================
| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| a-squared | 4.5.0.50 | 2010.01.21 | - |
| AhnLab-V3 | 5.0.0.2 | 2010.01.21 | - |
| AntiVir | 7.9.1.146 | 2010.01.21 | TR/Dropper.Gen |
| Antiy-AVL | 2.0.3.7 | 2010.01.21 | - |
| Authentium | 5.2.0.5 | 2010.01.21 | - |
| Avast | 4.8.1351.0 | 2010.01.21 | - |
| AVG | 9.0.0.730 | 2010.01.21 | - |
| BitDefender | 7.2 | 2010.01.21 | - |
| CAT-QuickHeal | 10.00 | 2010.01.21 | Trojan.MMM.rt |
| ClamAV | 0.94.1 | 2010.01.21 | PUA.Packed.ASPack212 |
| Comodo | 3656 | 2010.01.21 | TrojWare.Win32.Valklik.~BB |
| DrWeb | 5.0.1.12222 | 2010.01.21 | - |
| eSafe | 7.0.17.0 | 2010.01.20 | - |
| eTrust-Vet | 35.2.7250 | 2010.01.21 | - |
| F-Prot | 4.5.1.85 | 2010.01.20 | - |
| F-Secure | 9.0.15370.0 | 2010.01.21 | - |
| Fortinet | 4.0.14.0 | 2010.01.21 | - |
| GData | 19 | 2010.01.21 | - |
| Ikarus | T3.1.1.80.0 | 2010.01.21 | - |
| Jiangmin | 13.0.900 | 2010.01.21 | - |
| K7AntiVirus | 7.10.951 | 2010.01.20 | - |
| Kaspersky | 7.0.0.125 | 2010.01.21 | - |
| McAfee | 5867 | 2010.01.20 | - |
| McAfee+Artemis | 5867 | 2010.01.20 | Artemis!652FA41E1F59 |
| McAfee-GW-Edition | 6.8.5 | 2010.01.21 | Heuristic.LooksLike.Win32.Dropper.B |
| Microsoft | 1.5302 | 2010.01.21 | PWS:Win32/Frethog.gen!H |
| NOD32 | 4791 | 2010.01.20 | - |
| Norman | 6.04.03 | 2010.01.20 | - |
| nProtect | 2009.1.8.0 | 2010.01.21 | - |
| Panda | 10.0.2.2 | 2010.01.21 | - |
| PCTools | 7.0.3.5 | 2010.01.21 | - |
| Rising | 22.31.03.04 | 2010.01.21 | - |
| Sophos | 4.50.0 | 2010.01.21 | - |
| Sunbelt | 3.2.1858.2 | 2010.01.21 | Worm.Win32.AutoRun |
| Symantec | 20091.2.0.41 | 2010.01.21 | Suspicious.Cloud |
| TheHacker | 6.5.0.8.157 | 2010.01.21 | - |
| TrendMicro | 9.120.0.1004 | 2010.01.21 | Possible_Mlwr-13 |
| VBA32 | 3.12.12.1 | 2010.01.20 | - |
| ViRobot | 2010.1.21.2148 | 2010.01.21 | - |
| VirusBuster | 5.0.21.0 | 2010.01.20 | - |
------------------------------------------------------------------------------
Files Created
%Temp%\herss.exe
%Temp%\cvasds0.dll (0-9)
X:\qkm.exe
X:\autorun.inf
%Temp% = C:\Documents and Settings\[UserName]\Local Settings\Temp\
X:\ = C:\- Z:\
Registry Modifications
Keys added
HKLM\SOFTWARE\Classes\CLSID\MADOWN
Values added
HKLM\SOFTWARE\Classes\CLSID\MADOWN\urlinfo: "dsdxsxd.c"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
cdoosoft = %Temp%\herss.exe"
Values modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\ Folder\Hidden\SHOWALL\CheckedValue = 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Hidden = 0x00000002
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\ShowSuperHidden = 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDriveTypeAutoRun = 0x00000091
Remote Host
202.111.175.157 port 80
Data identified/URLs to be download
http://www.baidu2y4.com/1mg/am.rar
http://www.baidu2y4.com/1mg/am1.rar
=======================================================
วิธีกำจัด/แก้ virus : qkm.exe , herss.exe
=======================================================
Download Fix Tool : PeeTechFix-Win32/PSW.OnlineGames
หลังจากกำจัด virus ได้แล้ว แนะนำให้ติดตั้งโปรแกรมเพิ่มเติม เช่น
Panda USB Vaccine
http://www.pandasecurity.com/homeusers/downloads/usbvaccine/
or
KB971029, KB967715 (Disable AutoRun)
http://hotzone-it.blogspot.com/2009/08/kb971029-fix-autorun-microsoft.html
how can i remove autorun qkm.exe
ReplyDeleteดีมากเลย เยี่ยม
ReplyDeleteI had some trouble cleaning qkm.exe. But got it too work:
ReplyDelete1. Boot computer into Linux: for example by installing Ubuntu on a USB harddrive
2. Clean all files related to qkm trojan:
on ALL drives:
sudo find . \( -iname "*qkm*.*" -o -iname "*herss.exe*" -o -iname "*cvasds*.*" \) -print -delete
rm autorun.inf (at least those autorun.inf files that contain references to qkm.exe (will be in root folder of a drive)
3. if you meet the son of a bitch that wrote this, fubar!
4. if you are him: drop dead!
comment1
ReplyDeletehow can i remove autorun qkm.exe
Download : PeeTechFix-Win32.PSW.OnlineGame 2.0.7
AVDB-036 (Virus signature database update)
last update 21/01/2010
Download direct link
http://www.mediafire.com/download.php?ywjyzwyjdxh
Thank you very much for your feedback. A good idea.
ReplyDeleteUsing linux ubuntu on a USB harddrive or bootCD.
This removes malware that was good.
But that virus that does create the file. To be deleted correctly.
More.
Using linux ubuntu to remove virus files do good.
Virus removal, except that insert code into the file extension exe.
Such Sality, Virut, Induc.A etc..
May be used instead, such as Kaspersky rescureCD RecureCD or AviraRescueCD.
Down load PeeTechFix-Win32.PSW.OnlineGame 2.0.7
ReplyDeleteand excute and found nothing. How do I know It clean virus alrady. Thk & BR
After clean > complete
ReplyDeleteYour computer can show hidden files and not found qkm.exe , autorun.inf in C:\ - Z:\
If you want to know , you can use file monitor and reg monitor program
Example : Regshot , file monitor
excuse me please
I am not a programmer :)
and my fix tool is not beautiful
I try to learning visual C# , autoit
....
Excuse me please
I can speak and read english a little bit. :)
I can speak thai :)
I can speak and read english a little bit. :)
ReplyDeleteI will to try answer the questions. :)