QAZ Trojan Program Description:
This new backdoor Trojan
allows hackers to access and control an infected
system. TROJ_QAZ was initially distributed as
"Notepad.exe" but might also appear
with different filenames. Once an infected file
is executed, TROJ_QAZ modifies the Windows
registry so that it becomes active every time
Windows is started. TROJ_QAZ also renames the
original "notepad.exe" file to "note.com"
and then copies itself as "notepad.exe"
to the Windows folder. This way, the Trojan is
also launched every time a user runs Notepad.
TROJ_QAZ also attempts to spread itself to other
shared drives on local networks. This Trojan does
not mass email itself out to lists in the users
address book however.
QAZ Trojan Manual Removal:
The registry needs to
edited to delete this Trojan
- Click START, RUN
Type REGEDIT and hit ENTER key
- In the left panel, click
the "+" to the left of the
following:
HKEY_LOCAL_MACHINE
Software
Microsoft
Windows
CurrentVersion
Run
- In the right panel,
search for any of the registry key that
contains the data value of startIE=XXXX\Notepad.exe.
- In the right window,
highlight the registry key that loads the file
and press the DELETE key. Answer YES to delete
the entry.
Exit the registry.
Click START,SHUTDOWN. Choose
"Restart" and click OK.
- Use the Find Tool under
the Start Menu to find and rename Note.com to
Notepad.exe.
QAZ Trojan Automatic Removal:
Using Spyware Doctor
to detect and remove Trojan.QAZ AUTOMATICALLY!
Detection and Removal Instructions for Trojans
| 
(If you can not see the issued comment, please enable your browser to support javascript and refresh this page.)