qrzsyr.dll

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I have an XP computer which contains a file Windows\system32\qrzsyr.dll
which Symantec detects as infected.  Virustotal flags this file
multiple times.  Previously the computer was infected one time with
spyware (popups, false spyware alerts, false toolbars etc.) which
Spybot S&D successfully removed.

I suspect this file is leftover from the previous infection.

qrzsyr.dll does not appear in the registry.  Should I try just
removing it?

Thanks,

Steve

Re: qrzsyr.dll


| I have an XP computer which contains a file Windows\system32\qrzsyr.dll
| which Symantec detects as infected.  Virustotal flags this file
| multiple times.  Previously the computer was infected one time with
| spyware (popups, false spyware alerts, false toolbars etc.) which
| Spybot S&D successfully removed.
|
| I suspect this file is leftover from the previous infection.
|
| qrzsyr.dll does not appear in the registry.  Should I try just
| removing it?
|
| Thanks,
|
| Steve

Steve:

What did Symantec call this (infected is not enough) and what was the EXACT
results from the
Virus Total report ?

Yes you should remove the DLL.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: qrzsyr.dll


Quoted text here. Click to load it

I don't that that information in front of me, but will supply
it later this evening.

Quoted text here. Click to load it

Virustotal report follows:

[ file data ]
* name: qrzsyr.dll
* size: 19456
* md5.: 4fd5a45a4a58d5a02e1fdc03bbd119f9
* sha1: cd33a37b9616ec4eb039425a8a687d667ee9dda8

[ scan result ]
AntiVir        7.3.1.37/20070221       found nothing
Authentium      4.93.8/20070221 found [W32/Downloader.AWCX]
Avast   4.7.936.0/20070221      found [Win32:Zlob-TR]
AVG     386/20070221    found [Downloader.Agent.HIP]
BitDefender     7.2/20070222    found [Adware.Cfodor.A]
CAT-QuickHeal   9.00/20070221   found [TrojanDownloader.Agent.bdj]
ClamAV  devel-20060426/20070222 found nothing
DrWeb   4.33/20070221   found [Trojan.DownLoader.16535]
eSafe   7.0.14.0/20070221       found [Win32.Agent.bdj]
eTrust-Vet      30.4.3419/20070222      found [Win32/Spax!generic]
Ewido   4.0/20070221    found [Downloader.Agent.bdj]
F-Prot  4.2.1.29/20070221       found [W32/Agent.BQE]
F-Secure        6.70.13030.0/20070221   found [not-a-virus:FraudTool.Win32.World
SecurityOnline.b]
FileAdvisor     1/20070222      found nothing
Fortinet        2.85.0.0/20070221       found [W32/HEUR.GN!tr]
Ikarus  T3.1.0.31/20070221      found [not-a-virus:.FraudTool.Win32.Worldsecurit
yonline.b]
Kaspersky       4.0.2.24/20070222       found [not-a-virus:FraudTool.Win32.World
SecurityOnline.b]
McAfee  4968/20070221   found nothing
Microsoft       1.2204/20070221 found nothing
NOD32v2 2074/20070221   found [Win32/TrojanDownloader.Zlob.ANK]
Norman  5.80.02/20070221        found [W32/DLoader.BVTB]
Panda   9.0.0.4/20070221        found [Adware/VirusBursters]
Prevx1  V2/20070222     found [Generic.Zlob!DL]
Sophos  4.14.0/20070221 found nothing
Sunbelt 2.2.907.0/20070222      found [Trojan.FakeAlert]
Symantec        10/20070222     found [Trojan.Adclicker]
TheHacker       6.1.6.062/20070221      found [Trojan/Downloader.Agent.bdj]
UNA     1.83/20070221   found [TrojanDownloader.Win32.Agent.EBFE]
VBA32   3.11.2/20070221 found [Trojan-Downloader.Win32.Agent.bdj]
VirusBuster     4.3.19:9/20070221       found nothing

[ notes ]
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=0d7d62407405
Sunbelt info: Trojan.FakeAlert consists of files that cause false warnings of sp
yware on the computer.  Usually the alerts are displayed in a balloon type pop-u
p from an icon in the system tray.


(End of Virustotal report)

Quoted text here. Click to load it

Thanks.

Steve

Re: qrzsyr.dll


Quoted text here. Click to load it

qrzsyr.dll
\Kxp\c\SCAN\WINDOWS\system32\
Virus name: Trojan.Adclicker


I deleted it and all seems fine.

Steve

Re: qrzsyr.dll

Use Spyerase version 10, it's fast and free. It now has over 1700 signatures
to remove  All variants of Virusburst, Spy sheriff and Antivermins. New
Feature, Spyerase
will now update your hosts file. This tool is designed to Specifically
remove all variants.
Scan time is about 2 minutes. Designed for Windows 2000/XP only. Password is
still required.
First read this page http://www.pcbutts1.com/downloads then download
Spyerase from here http://www.pcbutts1.com/downloads/spyerasesetup.zip

Check my feedback and see what others have said about it
http://pcbutts1-therealtruth.blogspot.com /


Feedback is very important to the development of Spyerase.
Let me know how it works. Send feedback here
http://pcbutts1-therealtruth.blogspot.com /

--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com , David
H. Lipman, Max M Wachtell III  aka What's in a Name?, Fitz,
Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell



Quoted text here. Click to load it



Re: qrzsyr.dll


Quoted text here. Click to load it

Thanks for the tip.

Steve

Site Timeline