[ben.]

I have just spent the last few hours working out how to remove a trojan that suddenly appeared today. AVG didn't spot it.

It creates a folder called c:\documents and settings\all users\_qbothome\ which has a couple of .dll's and a log file which can accumulate password, login details, card numbers etc. It is a pretty nasty piece of work. Luckily I think I caught it before it did anything.

Task manager will likely show a couple of processes:
_qbotnti.exe
_qbotinj.exe

My fix was to delete these straight from task manager, turn off all internet connections, delete the folder and all its contents shown above, then reboot to make sure it doesnt reappear. There are also to preloader parts in the windows directory. Right click on windows folder and search for 'qbot'. It should find two files, delete them.

I think this thing got onto my pc when i visited iheadphones. Visit Need Help Removing malicious software - stopbadware | Google Groups for more information. One of the worse affected parts is something like sennheiser/89/..., which I think is the Skullcandy page. I think other pages must be affected because I never looked at that one.

I am not in any way trying to divert custom from iheadphones. This is a genuine problem and the website owner seems to be aware of it as google is warning people attempting to access the site, but unfortunately this safety measure only seems to work direct from google.

 

[steviebee]

Thx for the headsup ben. Why do you think it was iHeadphones?

Edit\ Ah, I see... a warning from Google?

 

[ben.]

I was viewing some of the Denon pages for the C700/751 and the C551. After a few seconds, Firefox (v3.0.1) just terminated. No crash, no error message, nothing. It just closed itself instantly, which happened twice. After that I noticed two suspicious .exe's in task manager.

The fact that I have never had anything like this happen until I went to that website suggests it was from there. Accordingly, the google teams warning messages suggest they have been targetted by some malicious 3rd party who have injected their site with trojans.

I cannot guarantee that ordering iheadphones products through amazon is 100% safe, as I don't know if there is any communication between amazon and iheadphones with regards to credit card details. But if you do want to order their stuff, I recommend ordering through amazon but first contacting iheadphones to see if it's secure.

 

[parajba]

Thanks for the useful tip!

Ops, my computer is not affected..it's a Mac

 

[chiefroastbeef]

Quote:

Originally Posted by parajba /img/forum/go_quote.gif Thanks for the useful tip! Ops, my computer is not affected..it's a Mac

x2!!!

 

[bernado]

From my experience, I would say ordering from iheadphones is unsafe false stop, regardless of any virus issues. I can't help wondering if this is some hackers payback for services rendered

 

[fjf]

Ubuntu immunity here...

 

[klamP]

I've bought many items from iheadphones.co.uk. They're completely legit.

I noticed that warning too....

Just so you know, google also flagged up an acapella site i frequent. I think it's flawed.

 

[insanebe]

1110111011001001110

 

[mvw2]

Quote:

Originally Posted by parajba /img/forum/go_quote.gif Thanks for the useful tip! Ops, my computer is not affected..it's a Mac

Don't mistake simply not being a target as being immune.

 

[bernado]

Quote:

Originally Posted by insanebe /img/forum/go_quote.gif 1110111011001001110

Gotta love binary spam

 

[jjmai]

Yeah, this qbot thing seems to be pretty nasty. It seems to be a new variant that just popped up. Our IT at work warned us recently.

 

[timmyGCSE]

I ordered from there yesterday. Seems cool to me, been browsing it for the past week no issues