Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- Steve Pope
February 22, 2007, 9:07 pm
rate this thread
which Symantec detects as infected. Virustotal flags this file
multiple times. Previously the computer was infected one time with
spyware (popups, false spyware alerts, false toolbars etc.) which
Spybot S&D successfully removed.
I suspect this file is leftover from the previous infection.
qrzsyr.dll does not appear in the registry. Should I try just
| I have an XP computer which contains a file Windows\system32\qrzsyr.dll
| which Symantec detects as infected. Virustotal flags this file
| multiple times. Previously the computer was infected one time with
| spyware (popups, false spyware alerts, false toolbars etc.) which
| Spybot S&D successfully removed.
| I suspect this file is leftover from the previous infection.
| qrzsyr.dll does not appear in the registry. Should I try just
| removing it?
What did Symantec call this (infected is not enough) and what was the EXACT
results from the
Virus Total report ?
Yes you should remove the DLL.
I don't that that information in front of me, but will supply
it later this evening.
Virustotal report follows:
[ file data ]
* name: qrzsyr.dll
* size: 19456
* md5.: 4fd5a45a4a58d5a02e1fdc03bbd119f9
* sha1: cd33a37b9616ec4eb039425a8a687d667ee9dda8
[ scan result ]
AntiVir 22.214.171.124/20070221 found nothing
Authentium 4.93.8/20070221 found [W32/Downloader.AWCX]
Avast 4.7.936.0/20070221 found [Win32:Zlob-TR]
AVG 386/20070221 found [Downloader.Agent.HIP]
BitDefender 7.2/20070222 found [Adware.Cfodor.A]
CAT-QuickHeal 9.00/20070221 found [TrojanDownloader.Agent.bdj]
ClamAV devel-20060426/20070222 found nothing
DrWeb 4.33/20070221 found [Trojan.DownLoader.16535]
eSafe 126.96.36.199/20070221 found [Win32.Agent.bdj]
eTrust-Vet 30.4.3419/20070222 found [Win32/Spax!generic]
Ewido 4.0/20070221 found [Downloader.Agent.bdj]
F-Prot 188.8.131.52/20070221 found [W32/Agent.BQE]
F-Secure 6.70.13030.0/20070221 found [not-a-virus:FraudTool.Win32.World
FileAdvisor 1/20070222 found nothing
Fortinet 184.108.40.206/20070221 found [W32/HEUR.GN!tr]
Ikarus T220.127.116.11/20070221 found [not-a-virus:.FraudTool.Win32.Worldsecurit
Kaspersky 18.104.22.168/20070222 found [not-a-virus:FraudTool.Win32.World
McAfee 4968/20070221 found nothing
Microsoft 1.2204/20070221 found nothing
NOD32v2 2074/20070221 found [Win32/TrojanDownloader.Zlob.ANK]
Norman 5.80.02/20070221 found [W32/DLoader.BVTB]
Panda 22.214.171.124/20070221 found [Adware/VirusBursters]
Prevx1 V2/20070222 found [Generic.Zlob!DL]
Sophos 4.14.0/20070221 found nothing
Sunbelt 2.2.907.0/20070222 found [Trojan.FakeAlert]
Symantec 10/20070222 found [Trojan.Adclicker]
TheHacker 6.1.6.062/20070221 found [Trojan/Downloader.Agent.bdj]
UNA 1.83/20070221 found [TrojanDownloader.Win32.Agent.EBFE]
VBA32 3.11.2/20070221 found [Trojan-Downloader.Win32.Agent.bdj]
VirusBuster 4.3.19:9/20070221 found nothing
[ notes ]
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=0d7d62407405
Sunbelt info: Trojan.FakeAlert consists of files that cause false warnings of sp
yware on the computer. Usually the alerts are displayed in a balloon type pop-u
p from an icon in the system tray.
(End of Virustotal report)
Use Spyerase version 10, it's fast and free. It now has over 1700 signatures
to remove All variants of Virusburst, Spy sheriff and Antivermins. New
will now update your hosts file. This tool is designed to Specifically
remove all variants.
Scan time is about 2 minutes. Designed for Windows 2000/XP only. Password is
First read this page http://www.pcbutts1.com/downloads then download
Spyerase from here http://www.pcbutts1.com/downloads/spyerasesetup.zip
Check my feedback and see what others have said about it
Feedback is very important to the development of Spyerase.
Let me know how it works. Send feedback here
Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com , David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell