QQPass Trojan Removal: Remove QQPass Trojan Forever
Let our support team solve your problem with QQPass Trojan and repair QQPass Trojan right now!
Leave the detailed description of your QQPass Trojan problem in the form below. Our support team will contact you in several minutes and give a step-by-step instruction on how to fix QQPass Trojan problem. Please be specific. Do your best describing the problem. This will help us recommend right and complete QQPass Trojan problem removal solution.
Describe your problem here and we'll contact you in several minutes:
Warning:
1) We hate spam as much as you do. We will not share your email with any third party or publish it anywhere. Your email is used only to contact you and give you QQPass Trojan removal solution.
2) All fields of this form are obligatory.
Threat's profile
|
Name of the threat: QQPass Trojan |
| Command or file name: 11282[1].exe |
| Threat type: Spyware\trojan |
| Affected OS: Win32 (Windows 9x, Windows XP, Windows Vista) |
QQPass Trojan intrusion method
QQPass Trojan copies its file(s) to your hard disk. Its typical file name is 11282[1].exe. Then it creates new startup key with name QQPass Trojan and value 11282[1].exe. You can also find it in your processes list with name 11282[1].exe or QQPass Trojan.
If you have further questions about QQPass Trojan, please fill in the form above and we'll contact you shortly.
» Download program to remove QQPass Trojan (QQPass Trojan Removal Tool)
Recommended Solution
If you are not sure what to delete, use our award winning program - QQPass Trojan Removal Tool.
QQPass Trojan Removal Tool will find and fully remove QQPass Trojan and all problems associated with QQPass Trojan virus.
Fast, easy, and handy, QQPass Trojan Removal Tool protects your computer against QQPass Trojan that does harm to your computer and breaks your privacy. QQPass Trojan Removal Tool scans your hard disks and registry and destroys any manifestation of QQPass Trojan. Standard anti-virus software can do nothing against malicious programs like QQPass Trojan. Remove QQPass Trojan straight away!
» Download QQPass Trojan Removal Tool now for free
How to fix QQPass Trojan
This problem can be solved manually by deleting all registry keys and files connected with QQPass Trojan, removing it from starup list and unregistering all corresponding DLLs. Additionally missing DLL's should be restored from distribution in case they are corrupted by QQPass Trojan.
To get rid of QQPass Trojan, you should:
1. Kill the following processes and delete the appropriate files:
• 163q.exe
• 1[1].exe[3].exe
• 65f2_appcompat.txt
• 6a00_appcompat.txt
• 6qq2007[1].exe
• 74306db1.dat
• 74306db1.dll
• com+home.exe
• downs.exe
• ffdvrr.dll
• ffdvrr.exe
• f[1].exe
• gg.exe
• gtb2k1033.exe
• help[1].exe
• icwres.ocx
• icwtutor.com
• j[1].exe
• ld10media.dll
• ld7media.dll
• L_qy00.exe
• md4media.dll.exe
• md5[1].exe
• mmm[1].exe
• moi.com
• msnsearch.exe
• newinfo.bak
• newinfo.dll
• newinfo.rxk
• newqq.dll
• ntdhcp.exe
• oleaccre.dll
• pic[2].exe
• qb[1].exe
• qq2006.exe
• qqzos.dll
• rx.exe
• sas.com
• servicer.exe
• severe.exe
• sj.exe
• sysinfo1.dll
• system.2dt
• system.jmp
• system2.jmp
• system64.sys
• sys[1].exe
• ThankYou.exe
• update[1].exe
• wj.exe
• wj[1].exe
• wshmcepts.chm
• wsttrs.dll
• wsttrs.exe
• xin.exe.exe
• xwpsvs.com
• xwurlmon.dll
• xyqq
• zz.exe
• _xr.bat
Warning: you should delete only those files which checksums are listed as malicious. There may be valid files with the same names in your system. We recommend you to use QQPass Trojan Removal Tool for safe problem solution.
2. Delete the following malicious folders:
• %desktop%\severe\
• %desktop%\pic[2]\
• %programfiles%\outlook express\
• %desktop%\moi\
3. Delete the following malicious registry entries and\or values:
• Key: CLSID\{DEC39E0E-F1F2-41E5-80B8-592A67AB0AA5}
• Key: CLSID\{DEC39E0E-F1F2-41E5-80B8-592A67AB0AA5}\InProcServer32
Value: ThreadingModel
• Key: CLSID\{754FB7D8-B8FE-4810-B363-A788CD060F1F}
• Key: CLSID\{754FB7D8-B8FE-4810-B363-A788CD060F1F}\InProcServer32
Value: ThreadingModel
• Key: CLSID\{B8A170A8-7AD3-4678-B2FE-F2D7381CC1B5}
• Key: CLSID\{B8A170A8-7AD3-4678-B2FE-F2D7381CC1B5}\InProcServer32
Value: ThreadingModel
• Key: CLSID\{06DB7430-7430-6DB1-306D-430DB4306DB1}
• Key: CLSID\{06DB7430-7430-6DB1-306D-430DB4306DB1}\InProcServer32
Value: ThreadingModel
• Key: CLSID\{729B6C61-BDC5-4C09-A1DE-A296BA0B89EC}
• Key: CLSID\{729B6C61-BDC5-4C09-A1DE-A296BA0B89EC}\InProcServer32
Value: ThreadingModel
• Key: CLSID\{25E1EECB-E580-4032-97A2-A456D33820D1}
• Key: CLSID\{25E1EECB-E580-4032-97A2-A456D33820D1}\InProcServer32
Value: ThreadingModel
• Key: SOFTWARE\Classes\CLSID\{06DB7430-7430-6DB1-306D-430DB4306DB1}
• Key: SOFTWARE\Classes\CLSID\{06DB7430-7430-6DB1-306D-430DB4306DB1}\InProcServer32
Value: ThreadingModel
• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_COM+HOME\0000\Control
Value: *NewlyCreated*
• Key: CLSID\{7F4D1081-25FD-44F5-99C6-FF271CFB7EC2}
• Key: CLSID\{7F4D1081-25FD-44F5-99C6-FF271CFB7EC2}\InProcServer32
• Key: SOFTWARE\Classes\CLSID\{7F4D1081-25FD-44F5-99C6-FF271CFB7EC2}
• Key: SOFTWARE\Classes\CLSID\{7F4D1081-25FD-44F5-99C6-FF271CFB7EC2}\InProcServer32
Value: ThreadingModel
• Key: SOFTWARE\Classes\CLSID\{754FB7D8-B8FE-4810-B363-A788CD060F1F}\InProcServer32
Value: ThreadingModel
• Key: SOFTWARE\Classes\CLSID\{25E1EECB-E580-4032-97A2-A456D33820D1}
• Key: SOFTWARE\Classes\CLSID\{25E1EECB-E580-4032-97A2-A456D33820D1}\InProcServer32
Value: ThreadingModel
• Key: SOFTWARE\Classes\CLSID\{A6011F8F-A7F8-49AA-9ADA-49127D43138F}
• Key: SOFTWARE\Classes\CLSID\{A6011F8F-A7F8-49AA-9ADA-49127D43138F}\InProcServer32
Value: ThreadingModel
• Key: CLSID\{2D49692C-A5FD-4E29-A3CD-37E9B182FCC6}
• Key: CLSID\{2D49692C-A5FD-4E29-A3CD-37E9B182FCC6}\InProcServer32
• Key: SOFTWARE\Classes\CLSID\{2D49692C-A5FD-4E29-A3CD-37E9B182FCC6}
• Key: SOFTWARE\Classes\CLSID\{2D49692C-A5FD-4E29-A3CD-37E9B182FCC6}\InProcServer32
Value: ThreadingModel
• Key: Software\Tencent\Hook
Value: First
• Key: Software\Tencent\Hook2
Value: First
• Key: SOFTWARE\Classes\CLSID\{754FB7D8-B8FE-4810-B363-A788CD060F1F}
• Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Value: {DEC39E0E-F1F2-41E5-80B8-592A67AB0AA5}
• Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Value: {B8A170A8-7AD3-4678-B2FE-F2D7381CC1B5}
• Key: Software\microsoft\qqjdd
Value: DL
• Key: System\CurrentControlSet\Services\VGADown
Value: Type
• Key: System\CurrentControlSet\Services\VGADown
Value: Start
• Key: System\CurrentControlSet\Services\VGADown
Value: ErrorControl
• Key: System\CurrentControlSet\Services\VGADown
Value: ImagePath
• Key: System\CurrentControlSet\Services\VGADown
Value: DisplayName
• Key: System\CurrentControlSet\Services\VGADown\Security
Value: Security
• Key: System\CurrentControlSet\Services\VGADown
Value: ObjectName
• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_VGADOWN
Value: NextInstance
• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_VGADOWN\0000\Control
Value: *NewlyCreated*
• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_VGADOWN\0000
Value: Service
• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_VGADOWN\0000
Value: Legacy
• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_VGADOWN\0000
Value: ConfigFlags
• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_VGADOWN\0000
Value: Class
• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_VGADOWN\0000
Value: DeviceDesc
• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\VGADown\Enum
• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\VGADown\Enum
Value: Count
• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\VGADown\Enum
Value: NextInstance
• Key: System\CurrentControlSet\Enum\Root\LEGACY_VGADOWN\0000\Control
Value: ActiveService
• Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Value: {06DB7430-7430-6DB1-306D-430DB4306DB1}
• Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Value: {729B6C61-BDC5-4C09-A1DE-A296BA0B89EC}
• Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Value: {754FB7D8-B8FE-4810-B363-A788CD060F1F}
• Key: Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe
Value: Debugger
• Key: Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
Value: Debugger
• Key: Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
Value: Debugger
• Key: Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.com
Value: Debugger
• Key: Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.com
Value: Debugger
• Key: Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EGHOST.exe
Value: Debugger
• Key: Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NOD32.exe
Value: Debugger
• Key: SOFTWARE\Microsoft
Value: oneqq
• Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Value: {7C3E3EA0-F318-43FB-952E-74736B2F6789}
• Key: System\CurrentControlSet\Services\Com+Home
Value: Type
• Key: System\CurrentControlSet\Services\Com+Home
Value: Start
• Key: System\CurrentControlSet\Services\Com+Home
Value: ErrorControl
• Key: System\CurrentControlSet\Services\Com+Home
Value: ImagePath
• Key: System\CurrentControlSet\Services\Com+Home
Value: DisplayName
• Key: System\CurrentControlSet\Services\Com+Home\Security
Value: Security
• Key: System\CurrentControlSet\Services\Com+Home
Value: ObjectName
• Key: System\CurrentControlSet\Services\Com+Home
Value: Description
• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_COM+HOME
Value: NextInstance
• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_COM+HOME\0000
Value: Service
• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_COM+HOME\0000
Value: Legacy
• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_COM+HOME\0000
Value: ConfigFlags
• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_COM+HOME\0000
Value: Class
• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_COM+HOME\0000
Value: DeviceDesc
• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\Com+Home\Enum
• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\Com+Home\Enum
Value: Count
• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\Com+Home\Enum
Value: NextInstance
• Key: System\CurrentControlSet\Enum\Root\LEGACY_COM+HOME\0000\Control
Value: ActiveService
• Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Value: {7F4D1081-25FD-44F5-99C6-FF271CFB7EC2}
• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value: AppInit_DLLs
• Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Value: {25E1EECB-E580-4032-97A2-A456D33820D1}
• Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Value: {A6011F8F-A7F8-49AA-9ADA-49127D43138F}
• Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Value: {2D49692C-A5FD-4E29-A3CD-37E9B182FCC6}
• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Value: Shell
Warning: If value is listed for some registry entries, you should only clear these values and leave keys with such values untouched. We recommend you to use QQPass Trojan Removal Tool for safe problem solution.
Here are the descriptions of problems connected with QQPass Trojan and 11282[1].exe we received earlier:
I have the Trojan/QQpass
Problem Summary: I have the Trojan/QQpass
whenever my spyware trys to quarintne it, it freezes my spyware. its located in \"C:/Program Files/Common Files/Microsoft shared/Dao
Our support has contacted the author of this message, lyle, and helped to solve his problem.
QQPass Trojan
Problem Summary: QQPass Trojan
Infection needs to be removed
Our support has contacted the author of this message, David N. Smith, and helped to solve his problem.
Problem in focus: zlob trojan
Next threat: QQSpy Trojan »
Learn more about QQPass Trojan and 11282[1].exe »
« Back to catalog
Solution: 2745
|
![Download solution for QQPass Trojan and 11282[1].exe now!](http://securitystronghold.com/images/en/buttons/tbutton_1_3.png "Download solution for QQPass Trojan and 11282[1].exe now!")
