nodqq.exe

Last Updated on Thursday, 14 June 2012 17:07 Thursday, 29 April 2010 21:12

Harmful - EXE

The name nodqq.exe is seen in several virus installations. The analysis reports are listed below

# This virus does the following - analysis report
- block anti-virus programs from running
- modify firewall settings
- modify several windows files
- Create bad Services with names MouseDriver, Client Service for NetWare, Mshost Manager
- Stops good services named - Application Layer Gateway Service, Windows Firewall/Internet Connection     Sharing (ICS),  Security Center
- Creates the following files
C:\autorun.inf
%AppData%\svchost.exe
-The following files are found in the Temperory folder
nodqq.exe, nodqq0.dll, nodqq1.dll, nodqq2.dll

# Creates the following - analysis report
C:\autorun.inf
C:\dqm.exe
- A randomly named exe file is found in the C:\ folder

# additional files found - analysis report
C:\windows\system32\arking0.dll
C:\windows\system32\arking1.dll
C:\windows\system32\arking2.dll
- The bad DLL files are loaded in the address space of Internet Explorer, Windows Explorer and other legitimate processes. As a result Windows may not allow these files to be deleted. Booting in the Safe mode or use of Dos prompt may be required.

# additional Files found - analysis
C:\windows\system32\mgking.exe
C:\windows\system32\mgking0.dll
C:\windows\system32\mgking1.dll 

# additional Files found - analysis
%Temp%\dsoqq.exe
%Temp%\dsoqq0.dll

 

( Full path for short folder names can be found on this link )

The removal process may require using the System Restore, enabling to view Hidden files and folders, removing entries from the Windows Startup, Booting in the Safe Mode, using the System File Checker  etc. These steps vary slightly for different versions of Microsoft Windows.

Some steps are essential

# End the virus processes from the Task Manager
# Search and Delete virus files from the hard disk. Enable to view Hidden Files and Folders before you search. Otherwise virus files inside the hidden folders will not be found.
# Remove obsolete registry keys using CCleaner

Detailed instructions and a number of free Tools are listed on this link

Different ways to prevent viruses from entering the computer can be found on this link.


Reprinted with permission from Threatexpert.com

Before proceeding, please see the Disclaimer  

< Prev   Next >

Main Menu

Home
----Sections----
Harmful Files
Virus Removal
Trojan Removal
Worms Removal
Rogues Removal
Unwanted Apps
Removal Tools
Current News
----Articles----
Warning/ Disclaimer
Common Folders
Preventive Measures
Removal Instructions
Video Tutorials
----Site Info----
Sitemap
About/Contact
Privacy Policy
Search this site
FAQ

Subscribe to me on YouTube

Similar