QUOCLOW.EXE – Trojan ZBot

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

QUOCLOW.EXE – Trojan ZBot removal

FileMD5Virus Alias
QUOCLOW.EXE f3e7fca0febebe3462b01acf73ad7caf Trojan ZBot
QUOCLOW.EXE f3e7fca0febebe3462b01acf73ad7caf Trojan Eldorado
QUOCLOW.EXE f3e7fca0febebe3462b01acf73ad7caf Trojan Panda
QUOCLOW.EXE f3e7fca0febebe3462b01acf73ad7caf Trojan Kazy
QUOCLOW.EXE f3e7fca0febebe3462b01acf73ad7caf Trojan Agent
QUOCLOW.EXE f3e7fca0febebe3462b01acf73ad7caf Trojan FakeAV

QUOCLOW.EXE size: 143872 bytes
QUOCLOW.EXE hash: F3E7FCA0FEBEBE3462B01ACF73AD7CAF

Created files:

%AppData%\Kui\quoclow.exe
%AppData%\Microsoft\Address Book\USER.wab
%AppData%\Neiqy\xyuxem.dit
%UserProfile%\Local Settings\Application Data\Identities\{90CDECDB-42CE-4A44-A47A-25385119CC70}\Microsoft\Outlook Express\00000004.dbx
%UserProfile%\Local Settings\Application Data\Identities\{90CDECDB-42CE-4A44-A47A-25385119CC70}\Microsoft\Outlook Express\Folders.dbx
%UserProfile%\Local Settings\Application Data\Identities\{90CDECDB-42CE-4A44-A47A-25385119CC70}\Microsoft\Outlook Express\Inbox.dbx

Detected by UnHackMe:

QUOCLOW.EXE
Default location: %APPDATA%\KUI\QUOCLOW.EXE

Dropper information:
MD5: 42bda57aea99ca80de3590dbcd385a51
File size: 143872 bytes

Leave a Reply