Solved! WQLZIW.DLL (Adware MultiPlug) Removal Guide

I recommend UnHackMe - Ultimate Malware Killer for fast malware removal.

WQLZIW.DLL – Adware MultiPlug removal

File | MD5 | Virus Alias
WQLZIW.DLL | 374367ba293ed2c64cb7bfc4d1fe1417 | Adware MultiPlug
WQLZIW.DLL | 374367ba293ed2c64cb7bfc4d1fe1417 | Trojan Artemis
WQLZIW.DLL | 374367ba293ed2c64cb7bfc4d1fe1417 | Trojan Generic
WQLZIW.DLL | 374367ba293ed2c64cb7bfc4d1fe1417 | Trojan Agent

WQLZIW.DLL size: 452096 bytes
WQLZIW.DLL hash: 374367BA293ED2C64CB7BFC4D1FE1417

Created files:


Detected by UnHackMe:

WQLZIW.DLL
Default location: %PROGRAM FILES%\MYSEARCH\WQLZIW.DLL

Dropper information:
MD5: e5f8f1bb04519f5af110f4326a5cda14
File size: 1986216 bytes
