Sunday, June 11, 2006

Yesterday I received a call from my ISP and alerted me promptly that my usage was beyond normal.

It shot up to 600 mb, where as the mormal is only about 30 mb. I was concerned.
They advised me to check my system for virus, but they didn't know the type of virus to look for.

I searched the internet for nearly an hour and came up with this trojan named QAZ Trojan.
This virus is also known as W32.hllw.qaz.a or Qaz.worm.

What exactly happened?
A hacker was searching for open ports. When he finds such an unprotected opening, he inserts this virus to gain control over my system remotely. It is primarily distributed through 'notepad' and gets into he registry.We often save web pages as text. Qaz.trojan rewrites the System Registry to load itself every time the computer is rebooted.
It is supposed to be originated from China.


Notice the symptoms:
• Programs may start slowly.
• You may receive the following error message when you start your computer:
'Cannot find Qazwsx.hsq '
.Sudden increase in usage of your ISP traffic
.A lot of 'undeliverable' msg appears in your outlook express

Solutions:
To overcome this problem, use an antivirus program to detect and remove the virus.
But I had to reinstall the windows to flush out the infection.

Acknowledgements:
http://Microsoft.com
http://www.pchell.com/virus/qaz.shtml
http://www.diamondcs.com.au/index.php?page=archive&id=analysis-qaz

Kindly Bookmark and Share it:

0 comments: