Solved! Use WQLZIW.X64.DLL (Trojan Agent) Removal Guide

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

WQLZIW.X64.DLL – Trojan Agent removal

File MD5 Virus Alias
WQLZIW.X64.DLL 54e21b7dae36a033b7e663765a15b095 Trojan Agent
WQLZIW.X64.DLL 54e21b7dae36a033b7e663765a15b095 Adware MultiPlug

WQLZIW.X64.DLL size: 512512 bytes
WQLZIW.X64.DLL hash: 54E21B7DAE36A033B7E663765A15B095

Created files:

C:\Documents and Settings\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\pdidaggjnmcfkbnbppnmggimlmcamnlm\2.1\manifest.json
C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\pdidaggjnmcfkbnbppnmggimlmcamnlm\2.1\manifest.json
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdidaggjnmcfkbnbppnmggimlmcamnlm\2.1\manifest.json
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\pdidaggjnmcfkbnbppnmggimlmcamnlm\2.1\manifest.json
C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\pdidaggjnmcfkbnbppnmggimlmcamnlm\2.1\manifest.json
C:\Documents and Settings\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\pdidaggjnmcfkbnbppnmggimlmcamnlm\2.1\manifest.json
C:\Documents and Settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\pdidaggjnmcfkbnbppnmggimlmcamnlm\2.1\manifest.json
C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdidaggjnmcfkbnbppnmggimlmcamnlm\2.1\manifest.json
C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\pdidaggjnmcfkbnbppnmggimlmcamnlm\2.1\manifest.json
C:\Documents and Settings\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\pdidaggjnmcfkbnbppnmggimlmcamnlm\2.1\manifest.json
C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\pdidaggjnmcfkbnbppnmggimlmcamnlm\2.1\manifest.json
C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\pdidaggjnmcfkbnbppnmggimlmcamnlm\2.1\manifest.json
C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdidaggjnmcfkbnbppnmggimlmcamnlm\2.1\manifest.json
C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\pdidaggjnmcfkbnbppnmggimlmcamnlm\2.1\manifest.json
C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\pdidaggjnmcfkbnbppnmggimlmcamnlm\2.1\manifest.json
C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\pdidaggjnmcfkbnbppnmggimlmcamnlm\2.1\manifest.json
C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\pdidaggjnmcfkbnbppnmggimlmcamnlm\2.1\manifest.json
C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdidaggjnmcfkbnbppnmggimlmcamnlm\2.1\manifest.json
C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\pdidaggjnmcfkbnbppnmggimlmcamnlm\2.1\manifest.json
C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\pdidaggjnmcfkbnbppnmggimlmcamnlm\2.1\manifest.json
%Program Files%\MySearch\wQlZIW.dll
%Program Files%\MySearch\wQlZIW.tlb
%Program Files%\MySearch\wQlZIW.x64.dll
%Common AppData%\d6ffadbb0bf5d660\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}.20140914042251
%Common AppData%\MySearch\v8sPPnk.exe
%Local AppData%\Chromatic Browser\User Data\Default\Extensions\pdidaggjnmcfkbnbppnmggimlmcamnlm\2.1\manifest.json
%Local AppData%\Comodo\Dragon\User Data\Default\Extensions\pdidaggjnmcfkbnbppnmggimlmcamnlm\2.1\manifest.json
%Local AppData%\Google\Chrome\User Data\Default\Extensions\pdidaggjnmcfkbnbppnmggimlmcamnlm\2.1\manifest.json
%Local AppData%\Google\Chrome SxS\User Data\Default\Extensions\pdidaggjnmcfkbnbppnmggimlmcamnlm\2.1\manifest.json
%Local AppData%\Torch\User Data\Default\Extensions\pdidaggjnmcfkbnbppnmggimlmcamnlm\2.1\manifest.json
%Temp%\3c683ba4\pdidaggjnmcfkbnbppnmggimlmcamnlm\manifest.json
%Temp%\__tmp_00a60861
%Temp%\__tmp_02738f16
%Temp%\__tmp_0f04bc5b
%Temp%\__tmp_11a37f8c
%Temp%\__tmp_13cc7cc1
%Temp%\__tmp_13d55531
%Temp%\__tmp_1a273a3b
%Temp%\__tmp_22687262

Detected by UnHackMe:

WQLZIW.X64.DLL
Default location: %PROGRAM FILES%\MYSEARCH\WQLZIW.X64.DLL

Dropper information:
MD5: e5f8f1bb04519f5af110f4326a5cda14
File size: 1986216 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images