How to remove “Trojan:Win32/QQPass.DA!MTB”?

Many security experts consider Trojan:Win32/QQPass.DA!MTB dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows you to complete a scan and cure your PC.
6-day free trial available.

What can the Trojan:Win32/QQPass.DA!MTB virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Creates a copy of itself
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan:Win32/QQPass.DA!MTB?


File Info:

name: 86755C8A24EA9102D089.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2015-04-19 04:22:19

Version Info:

FileVersion: 1.8.1.0
ProductVersion: 1.8.1.0
Translation: 0x0804 0x04b0

Trojan:Win32/QQPass.DA!MTB also known as:

Lionic: Trojan.Win32.Generic.4!c
MicroWorld-eScan: Gen:Variant.Doina.7723
FireEye: Gen:Variant.Doina.7723
CAT-QuickHeal: Trojan.QQpass
McAfee: Artemis!86755C8A24EA
Cylance: unsafe
Zillya: Trojan.QQPass.Win32.25503
Sangfor: Infostealer.Win32.QQPass.V851
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: TrojanPSW:Win32/QQPass.6a617b1a
K7GW: Password-Stealer ( 004c31701 )
K7AntiVirus: Password-Stealer ( 004c31701 )
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/PSW.QQPass.OXJ
APEX: Malicious
Kaspersky: UDS:Trojan.Win32.Generic
BitDefender: Gen:Variant.Doina.7723
NANO-Antivirus: Trojan.Win32.QQPass.dshnro
Avast: Win32:GenMaliciousA-QGV [Trj]
Tencent: Malware.Win32.Gencirc.10b86c94
Sophos: Mal/Generic-S
F-Secure: Heuristic.HEUR/AGEN.1320595
Baidu: Win32.Trojan-PSW.QQPass.am
VIPRE: Gen:Variant.Doina.7723
TrendMicro: TROJ_GEN.R011C0DHQ23
McAfee-GW-Edition: BehavesLike.Win32.Dropper.rc
Emsisoft: Gen:Variant.Doina.7723 (B)
GData: Gen:Variant.Doina.7723
Jiangmin: Trojan/PSW.QQPass.rfe
Avira: HEUR/AGEN.1320595
Arcabit: Trojan.Doina.D1E2B
ViRobot: Trojan.Win.Z.Qqpass.4730880
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: Trojan:Win32/QQPass.DA!MTB
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win32.QQPass.R159907
VBA32: TrojanPSW.QQPass
ALYac: Gen:Variant.Doina.7723
MAX: malware (ai score=83)
Malwarebytes: Generic.Malware.AI.DDS
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TROJ_GEN.R011C0DHQ23
Rising: Trojan.QQpass!8.A7C (TFE:5:Izi8ovMC3H)
Ikarus: Trojan-PSW.QQpass
Fortinet: W32/QQPass.OXJ!tr
AVG: Win32:GenMaliciousA-QGV [Trj]
DeepInstinct: MALICIOUS

How to remove Trojan:Win32/QQPass.DA!MTB?

Trojan:Win32/QQPass.DA!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.