I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:
Free Download Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.
QUBVPR.SYS – Trojan PcClient removal
| File | MD5 | Virus Alias |
|---|---|---|
| QUBVPR.SYS | ec562a0359a71bd5962a3a18db3d0094 | Trojan PcClient |
| QUBVPR.SYS | ec562a0359a71bd5962a3a18db3d0094 | Trojan Generic |
| QUBVPR.SYS | ec562a0359a71bd5962a3a18db3d0094 | Trojan Eldorado |
| QUBVPR.SYS | ec562a0359a71bd5962a3a18db3d0094 | Backdoor PcClien |
| QUBVPR.SYS | ec562a0359a71bd5962a3a18db3d0094 | Backdoor Hupigon |
| QUBVPR.SYS | ec562a0359a71bd5962a3a18db3d0094 | Trojan Agent |
QUBVPR.SYS size: 5504 bytes
QUBVPR.SYS hash: EC562A0359A71BD5962A3A18DB3D0094
Created files:
%SysDir%\drivers\qubvpr.SYS
%SysDir%\qubvpr.dll
Autostart registry keys:
HKLM\System\CurrentControlSet\Services\oqhqbp\Type: 10010000
HKLM\System\CurrentControlSet\Services\oqhqbp\Start: 02000000
HKLM\System\CurrentControlSet\Services\oqhqbp\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\oqhqbp\DisplayName: oqhqbp
HKLM\System\CurrentControlSet\Services\oqhqbp\ImagePath: %WinDir%\System32\svchost.exe -k oqhqbp
HKLM\System\CurrentControlSet\Services\oqhqbp\Description: Microsoft .NET Framework TPM
HKLM\System\CurrentControlSet\Services\oqhqbp\Parameters\ServiceDll: 2500530079007300740065006D0052006F006F00740025005C00530079007300740065006D00330032005C007100750062007600700072002E0064006C006C000000
HKLM\System\CurrentControlSet\Services\yqhqbpdj\Type: 01000000
HKLM\System\CurrentControlSet\Services\yqhqbpdj\Start: 02000000
HKLM\System\CurrentControlSet\Services\yqhqbpdj\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\yqhqbpdj\DisplayName: yqhqbpdj
HKLM\System\CurrentControlSet\Services\yqhqbpdj\ImagePath: %WinDir%\System32\drivers\qubvpr.SYS
Detected by UnHackMe:
QUBVPR.SYS
Default location: %SYSDIR%\DRIVERS\QUBVPR.SYS
Dropper information:
MD5: 22110087dcfd1e707752f5e62158f3c6
File size: 194933 bytes