ben.
New Head-Fier
- Joined
- Aug 28, 2008
- Posts
- 22
- Likes
- 0
I have just spent the last few hours working out how to remove a trojan that suddenly appeared today. AVG didn't spot it.
It creates a folder called c:\documents and settings\all users\_qbothome\ which has a couple of .dll's and a log file which can accumulate password, login details, card numbers etc. It is a pretty nasty piece of work. Luckily I think I caught it before it did anything.
Task manager will likely show a couple of processes:
_qbotnti.exe
_qbotinj.exe
My fix was to delete these straight from task manager, turn off all internet connections, delete the folder and all its contents shown above, then reboot to make sure it doesnt reappear. There are also to preloader parts in the windows directory. Right click on windows folder and search for 'qbot'. It should find two files, delete them.
I think this thing got onto my pc when i visited iheadphones. Visit Need Help Removing malicious software - stopbadware | Google Groups for more information. One of the worse affected parts is something like sennheiser/89/..., which I think is the Skullcandy page. I think other pages must be affected because I never looked at that one.
I am not in any way trying to divert custom from iheadphones. This is a genuine problem and the website owner seems to be aware of it as google is warning people attempting to access the site, but unfortunately this safety measure only seems to work direct from google.
It creates a folder called c:\documents and settings\all users\_qbothome\ which has a couple of .dll's and a log file which can accumulate password, login details, card numbers etc. It is a pretty nasty piece of work. Luckily I think I caught it before it did anything.
Task manager will likely show a couple of processes:
_qbotnti.exe
_qbotinj.exe
My fix was to delete these straight from task manager, turn off all internet connections, delete the folder and all its contents shown above, then reboot to make sure it doesnt reappear. There are also to preloader parts in the windows directory. Right click on windows folder and search for 'qbot'. It should find two files, delete them.
I think this thing got onto my pc when i visited iheadphones. Visit Need Help Removing malicious software - stopbadware | Google Groups for more information. One of the worse affected parts is something like sennheiser/89/..., which I think is the Skullcandy page. I think other pages must be affected because I never looked at that one.
I am not in any way trying to divert custom from iheadphones. This is a genuine problem and the website owner seems to be aware of it as google is warning people attempting to access the site, but unfortunately this safety measure only seems to work direct from google.