Mal/Qbot-P removal

The Mal/Qbot-P is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Mal/Qbot-P virus can do?

Drops a binary and executes it
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Mal/Qbot-P?


File Info:
name: 1DDEA14130D3AA0B8176.mlw
path: /opt/CAPEv2/storage/binaries/76b7c37b8cbe4e7427f0a42596227d33224661792f4cc647ec372033b80e6dbd
crc32: 98CBBAEC
md5: 1ddea14130d3aa0b8176cbd56a16da18
sha1: 7bb5c57be6cc8b4f56671fc89be05ddbacba0689
sha256: 76b7c37b8cbe4e7427f0a42596227d33224661792f4cc647ec372033b80e6dbd
sha512: f944bbc72fbc445bb8612d0856ff0a8009e4a93cea1f43d11f328bf450e7c7edcf004830cbeeb8fb0b7baa217282dbf9bdaa29c59235807aeb34898f94cad06b
ssdeep: 6144:XgnfzJrDWRoI+Q/k3HYXCDxilwn9xYwgCPOdoZI6BGwfAleHYmbI:XiJrDGB++plwn9xYFOOyZNINeHYaI
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1BB847D22BA04F432C16240B9EA55E379A5B874312526484BF7E4CF6D9FE1392DB38B47
sha3_384: bac82238b79e4cfe5e43eb34a28d006279baa773c4e4a964cd5ded9d9a34c038a74cd2dd3980b1f4ba1f82342a53640c
ep_bytes: e8ba9f0000e978feffffcccccccccccc
timestamp: 2013-01-20 20:14:04

Version Info:
Comments:                                                                                                                                                                                                                                                                    
CompanyName: Microsoft Corporation
FileDescription: Microsoft RSVP
FileVersion: 5.1.2600.0
InternalName: rsvp.exe
LegalCopyright: ﾩ Microsoft Corporation. All rights reserved.
LegalTrademarks: ﾩ Microsoft Corporation. All rights reserved.
OriginalFilename: rsvp.exe
PrivateBuild: rsvp.exe
ProductName: Microsoftﾮ Windowsﾮ Operating System
ProductVersion: 5.1.2600.0
SpecialBuild: 5.1.2600.0
Translation: 0x0409 0x04b0

Mal/Qbot-P also known as:

Bkav	W32.AIDetectMalware
tehtris	Generic.Malware
MicroWorld-eScan	Gen:Trojan.Malware.yy0@aaZ4U2pi
FireEye	Generic.mg.1ddea14130d3aa0b
CAT-QuickHeal	Trojan.Mauvaise.SL1
Skyhigh	BehavesLike.Win32.NetLoader.fh
McAfee	Downloader-FIK!1DDEA14130D3
Malwarebytes	Generic.Malware.AI.DDS
VIPRE	Gen:Trojan.Malware.yy0@aaZ4U2pi
Sangfor	Trojan.Win32.Save.a
Alibaba	Trojan:Win32/Vindor.59e2fa40
Cybereason	malicious.be6cc8
Arcabit	Trojan.Malware.E7CF48
VirIT	Trojan.Win32.DownLoader8.UBN
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Rodecap.BB
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Gen:Trojan.Malware.yy0@aaZ4U2pi
Avast	Win32:MalwareX-gen [Trj]
Tencent	Malware.Win32.Gencirc.10b2aee3
Emsisoft	Gen:Trojan.Malware.yy0@aaZ4U2pi (B)
F-Secure	Trojan.TR/Small.bhoumd
DrWeb	Trojan.DownLoader8.13559
Zillya	Trojan.Rodecap.Win32.1703
TrendMicro	TROJ_RODECAP.SMO
Trapmine	malicious.moderate.ml.score
Sophos	Mal/Qbot-P
Ikarus	Trojan.Win32.Small
Jiangmin	Trojan/Generic.azpcd
Webroot	W32.Trojan.Gen
Google	Detected
Avira	TR/Small.bhoumd
Antiy-AVL	Trojan/Win32.Unknown
Xcitium	TrojWare.Win32.Agent.AWR@4ri3wg
Microsoft	Trojan:Win32/Small.BH
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Gen:Trojan.Malware.yy0@aaZ4U2pi
Varist	W32/SmallDl.F.gen!Eldorado
AhnLab-V3	Trojan/Win32.Blocker.R82934
Acronis	suspicious
VBA32	BScope.Trojan.Downloader
ALYac	Gen:Trojan.Malware.yy0@aaZ4U2pi
MAX	malware (ai score=83)
Cylance	unsafe
Panda	Generic Suspicious
TrendMicro-HouseCall	TROJ_RODECAP.SMO
Rising	Ransom.Blocker!8.12A (TFE:5:bCIcjKVkMPC)
Yandex	Trojan.GenAsa!6KhuQuHc76g
SentinelOne	Static AI – Malicious PE
Fortinet	W32/Rodecap.BBC!tr
BitDefenderTheta	Gen:NN.ZexaF.36744.yy0@aaZ4U2pi
AVG	Win32:MalwareX-gen [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (D)

How to remove Mal/Qbot-P?

Mal/Qbot-P removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X