
Mal/Qbot-P removal instruction

Malware Removal

Mal/Qbot-P is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Mal/Qbot-P virus do?

  • Uses Windows utilities for basic functionality
  • Drops a binary and executes it
  • Executes the printer spooler process
  • Authenticode signature is invalid
  • Connects to/from or queries a remote desktop session
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to identify Mal/Qbot-P?

File Info:

name: 08B4430DEE253C2140ED.mlw
path: /opt/CAPEv2/storage/binaries/349d00c012ea2072dadbed3c790296f8dcb550a6cbad5e783f0f5126af941b31
crc32: AE057B86
md5: 08b4430dee253c2140eddc04256b90e2
sha1: cd96c0cc7f0d95f565d38443bdf8cf372f69bacd
sha256: 349d00c012ea2072dadbed3c790296f8dcb550a6cbad5e783f0f5126af941b31
sha512: cc60d6dd1fe1a5bce60931b55cf8b83dee9355ca4da1b67b2a119a12450916bb18283b8521da4566ad68b8c4136d6f2bcf5ca234615080b8bf0354b3508218a5
ssdeep: 6144:Yx8k6Ks1PW9rVjbFLeBmQ5W/9jyBx7Z+eNT3q3XAr2n:YGk6KwO9Jz/9jy77ZhjQn
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T102848D32BA44F032C16340B9BA59E77564B87571293A480BFBE4466CDEF12D2DB35B0B
sha3_384: 687d1910282e63abbe8a4333b659e50fb4ea153edadd3891b3f9dace0a65d46afb6206047c71bb0a4ba159f5df6571f1
ep_bytes: e8ba9f0000e978feffffcccccccccccc
timestamp: 2013-02-13 01:04:39

Version Info:

Comments:
CompanyName: Microsoft Corporation
FileDescription: IE Per User Active Setup Uninstall Utility
FileVersion: 7.00.5730.13
InternalName: IEUDINIT
LegalCopyright: © Microsoft Corporation. All rights reserved.
LegalTrademarks: © Microsoft Corporation. All rights reserved.
OriginalFilename: IEUDINIT.EXE
PrivateBuild: IEUDINIT.EXE
ProductName: Windows® Internet Explorer
ProductVersion: 7.00.5730.13
SpecialBuild: 7.00.5730.13
Translation: 0x0409 0x04b0

Mal/Qbot-P is also known as (vendor: detection name):

Lionic: Trojan.Win32.Rodecap.4!c
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Trojan.Malware.xu0@aacxJjai
CAT-QuickHeal: Trojan.Small.gen
Skyhigh: BehavesLike.Win32.Generic.fh
McAfee: Downloader-FKE!08B4430DEE25
Malwarebytes: Generic.Malware.AI.DDS
VIPRE: Gen:Trojan.Malware.xu0@aacxJjai
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 004e42231 )
Alibaba: Malware:Win32/km_2c5e0.None
K7GW: Trojan ( 004e42231 )
Cybereason: malicious.c7f0d9
VirIT: Trojan.Win32.DownLoader8.BBPF
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Rodecap.BB
APEX: Malicious
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Trojan.Malware.xu0@aacxJjai
NANO-Antivirus: Trojan.Win32.Small.febgic
Avast: Win32:MalwareX-gen [Trj]
Tencent: Malware.Win32.Gencirc.10b23382
Emsisoft: Gen:Trojan.Malware.xu0@aacxJjai (B)
F-Secure: Trojan.TR/Small.bhoumd
DrWeb: Trojan.DownLoader8.18647
Zillya: Backdoor.PePatch.Win32.93216
TrendMicro: TROJ_RODECAP.SMO
Trapmine: malicious.moderate.ml.score
FireEye: Generic.mg.08b4430dee253c21
Sophos: Mal/Qbot-P
SentinelOne: Static AI – Suspicious PE
MAX: malware (ai score=100)
GData: Gen:Trojan.Malware.xu0@aacxJjai
Webroot: W32.Trojan.Gen
Google: Detected
Avira: TR/Small.bhoumd
Varist: W32/SmallDl.F.gen!Eldorado
Antiy-AVL: Trojan/Win32.AGeneric
Kingsoft: malware.kb.a.1000
Xcitium: TrojWare.Win32.Agent.AWR@4ri3wg
Arcabit: Trojan.Malware.E67EC0
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: Trojan:Win32/Small.BH
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Blocker.R52075
VBA32: BScope.Trojan.Downloader
ALYac: Gen:Trojan.Malware.xu0@aacxJjai
Cylance: unsafe
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TROJ_RODECAP.SMO
Rising: Ransom.Blocker!8.12A (TFE:5:bCIcjKVkMPC)
Ikarus: Trojan.Win32.Small
MaxSecure: Trojan.Malware.11973.susgen
Fortinet: W32/Rodecap.BBC!tr
BitDefenderTheta: Gen:NN.ZexaF.36744.xu0@aacxJjai
AVG: Win32:MalwareX-gen [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Mal/Qbot-P?

Mal/Qbot-P removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
