Trojan.Qshell removal

Trojan.Qshell is rated as dangerous by many security vendors; the detection list below shows how widely this sample is flagged. While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case, scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Qshell virus do?

The behaviours below are automated sandbox signatures triggered by this sample, not a confirmed feature list; "likely" and "possibly" mark heuristic matches rather than observed actions:

  • Executable code extraction
  • Creates RWX memory
  • The binary likely contains encrypted or compressed data.
  • Queries information on disks, possibly for anti-virtualization
  • Installs itself for autorun at Windows startup
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

How to identify Trojan.Qshell?

File Info (the name is the sample's MD5 with an .mlw extension, i.e. the analysis label, not the filename used on an infected host):

crc32: 6D35C412
md5: 7e8b9cf70707293f8950b2151a3c16f4
name: 7E8B9CF70707293F8950B2151A3C16F4.mlw
sha1: c925e491311dc75e2c8a7c05d7deb608c95b4e51
sha256: 3e6612264ae84cddf04379c1a1df09197cbf88f9103c825457c837fcdef69887
sha512: 6059abc60ecd8f67dc4d80a189aa9b8631204dc7b38936f3ee0735eb3030ceefb08fba14a492978afe2191fd35ac17c705317dc5c83a216bce23b0b58533630c
ssdeep: 12288:Bz4ubZCXMtdUKat+YH7/yJ2je3rojGvB/WaEYvW0:pjOMtd1a/yl3KOjb
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright © 1997-2017 Simon Tatham.
InternalName: PSFTP
FileVersion: Release 0.68
CompanyName: Simon Tatham
ProductName: PuTTY suite
ProductVersion: Release 0.68
FileDescription: Command-line interactive SFTP client
OriginalFilename: PSFTP
Translation: 0x0809 0x04b0

These version strings claim the file is PSFTP 0.68 from the PuTTY suite. The version resource is plain data in the PE file that any packer or builder can copy from a legitimate binary, so it says nothing about what the file actually is; the hashes above identify the sample, the version strings do not. A file that presents PuTTY version info but whose hash does not match a published PuTTY release should be treated as the trojan described here.
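As an added example (not part of the original page and not GridinSoft's tooling), the following Python script computes the digests listed under File Info, checks the MZ/PE magic that the `type` line refers to, and reports any file whose digest matches the IOC set above. The function names (`hash_file`, `match_iocs`, `scan_paths`, `demo`) are this example's own, and the bytes written by `demo()` are a constructed stub, not the malware; ssdeep is omitted because it needs a third-party module.

```python
import hashlib
import struct
import tempfile
import zlib
from pathlib import Path

# IOC digests copied from the File Info block on the page (crc32/md5/sha1/sha256).
IOC_QSHELL = {
    "crc32": "6D35C412",
    "md5": "7e8b9cf70707293f8950b2151a3c16f4",
    "sha1": "c925e491311dc75e2c8a7c05d7deb608c95b4e51",
    "sha256": "3e6612264ae84cddf04379c1a1df09197cbf88f9103c825457c837fcdef69887",
}


def hash_bytes(data):
    """Return the page's digest set (crc32 upper-case hex, others lower-case hex) for a byte string."""
    return {
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def hash_file(path, chunk_size=1 << 20):
    """Stream a file through every digest so large binaries are never read into memory at once."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256", "sha512")}
    crc = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            crc = zlib.crc32(chunk, crc)  # running CRC, same result as one-shot crc32
            for h in hashers.values():
                h.update(chunk)
    digests = {name: h.hexdigest() for name, h in hashers.items()}
    digests["crc32"] = "%08X" % (crc & 0xFFFFFFFF)
    return digests


def looks_like_pe(data):
    """True if data has an MZ header whose e_lfanew (offset 0x3C) points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def match_iocs(digests, iocs=IOC_QSHELL):
    """Names of the digest types whose value equals the IOC (case-insensitive compare)."""
    return [name for name, value in iocs.items()
            if digests.get(name, "").lower() == value.lower()]


def scan_paths(paths, iocs=IOC_QSHELL):
    """Hash each regular file in paths; return {path: [matching digest names]} for hits only."""
    hits = {}
    for p in map(Path, paths):
        if p.is_file():
            matched = match_iocs(hash_file(p), iocs)
            if matched:
                hits[str(p)] = matched
    return hits


def fake_pe_header():
    """Constructed 68-byte stub with a valid MZ/PE layout for testing; not a real executable."""
    return b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0"


def demo():
    """Write constructed files, derive an IOC from one of them, and show scan_paths flags only that one."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "sample.bin"
        sample.write_bytes(fake_pe_header())
        benign = Path(tmp) / "notes.txt"
        benign.write_text("constructed benign file\n")
        iocs = {"sha256": hash_bytes(fake_pe_header())["sha256"]}  # hypothetical IOC for the stub
        hits = scan_paths([sample, benign], iocs)
        return {Path(k).name: v for k, v in hits.items()}


if __name__ == "__main__":
    print(demo())
```

To hunt for the real sample, call `scan_paths` on the paths you suspect (for example the targets of the autorun entries the behaviour list mentions) with the default `IOC_QSHELL`; a hit on `sha256` is conclusive, while `crc32` and `md5` alone are only a prompt to look closer, since both are cheap to collide.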

Trojan.Qshell is also known by the following detection names (several engines, including Alibaba, Microsoft and AhnLab-V3, file the same sample under the Dridex family, and names prefixed HEUR:, Generic or ML are heuristic or machine-learning verdicts rather than signature matches):

Bkav: W32.AIDetect.malware2
K7AntiVirus: Trojan ( 005746321 )
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Banker1.36727
Cynet: Malicious (score: 100)
CAT-QuickHeal: Trojan.Qshell
ALYac: Trojan.Mint.Zamg.O
Cylance: Unsafe
Zillya: Trojan.Qshell.Win32.5
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Trojan:Win32/Dridex.d5aff5a2
K7GW: Trojan ( 005746321 )
Cybereason: malicious.707072
Cyren: W32/Trojan.SNHH-0017
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HHYV
APEX: Malicious
Avast: Win32:PWSX-gen [Trj]
Kaspersky: HEUR:Trojan.Win32.Qshell.pef
BitDefender: Trojan.Mint.Zamg.O
NANO-Antivirus: Trojan.Win32.Qshell.idhocd
MicroWorld-eScan: Trojan.Mint.Zamg.O
Tencent: Malware.Win32.Gencirc.10ceac0b
Ad-Aware: Trojan.Mint.Zamg.O
Sophos: Mal/Generic-R + Mal/EncPk-APV
Comodo: Malware@#1hvxos3jqfs8x
BitDefenderTheta: Gen:NN.ZexaF.34170.Jy1@aeoJo!hi
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Generic.hh
FireEye: Generic.mg.7e8b9cf70707293f
Emsisoft: Trojan.Mint.Zamg.O (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Qshell.id
Avira: TR/Crypt.Agent.mfbto
Antiy-AVL: Trojan/Generic.ASMalwS.3107576
Kingsoft: Win32.Heur.KVMH008.a.(kcloud)
Microsoft: Trojan:Win32/Dridex.NA!MTB
Gridinsoft: Trojan.Win32.Kryptik.oa!s1
GData: Trojan.Mint.Zamg.O
TACHYON: Trojan/W32.Qshell.579589
AhnLab-V3: Trojan/Win.Dridex.R432381
Acronis: suspicious
McAfee: GenericRXPM-KH!7E8B9CF70707
MAX: malware (ai score=87)
VBA32: BScope.Trojan.Jorik
Malwarebytes: Trojan.MalPack.VAK
Panda: Trj/GdSda.A
TrendMicro-HouseCall: TROJ_GEN.R002C0DIL21
Rising: Trojan.Generic@ML.100 (RDML:L0WEhjKO5u1x5cRjbyJAow)
Yandex: Trojan.Qshell!f4LpkobODOY
Ikarus: Trojan.Win32.Crypt
MaxSecure: Trojan.Malware.1728101.susgen
Fortinet: W32/Kryptik.HIJR!tr
AVG: Win32:PWSX-gen [Trj]
Paloalto: generic.ml

How to remove Trojan.Qshell?

Trojan.Qshell removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • Select "Move to quarantine" for all detected items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the browser and options you want, then click "Reset".
  • Restart your computer.

Because this sample registers itself to run at Windows startup (see the behaviour list above), confirm after the restart that no autorun entry still points at the quarantined file and that the unfamiliar process has not reappeared in Task Manager.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
