qrzsyr.dll

[Steve Pope]

I have an XP computer which contains a file Windows\system32\qrzsyr.dll
which Symantec detects as infected. Virustotal flags this file
multiple times. Previously the computer was infected one time with
spyware (popups, false spyware alerts, false toolbars etc.) which
Spybot S&D successfully removed.

I suspect this file is leftover from the previous infection.

qrzsyr.dll does not appear in the registry. Should I try just
removing it?

Thanks,

Steve

 

[David H. Lipman]

From: "Steve Pope" <[email protected]>

| I have an XP computer which contains a file Windows\system32\qrzsyr.dll
| which Symantec detects as infected. Virustotal flags this file
| multiple times. Previously the computer was infected one time with
| spyware (popups, false spyware alerts, false toolbars etc.) which
| Spybot S&D successfully removed.
|
| I suspect this file is leftover from the previous infection.
|
| qrzsyr.dll does not appear in the registry. Should I try just
| removing it?
|
| Thanks,
|
| Steve

Steve:

What did Symantec call this (infected is not enough) and what was the EXACT results from the
Virus Total report ?

Yes you should remove the DLL.

 

[Steve Pope]

What did Symantec call this (infected is not enough)

I don't that that information in front of me, but will supply
it later this evening.

and what was the EXACT results from the Virus Total report ?

Virustotal report follows:

[ file data ]
* name: qrzsyr.dll
* size: 19456
* md5.: 4fd5a45a4a58d5a02e1fdc03bbd119f9
* sha1: cd33a37b9616ec4eb039425a8a687d667ee9dda8

[ scan result ]
AntiVir 7.3.1.37/20070221 found nothing
Authentium 4.93.8/20070221 found [W32/Downloader.AWCX]
Avast 4.7.936.0/20070221 found [Win32:Zlob-TR]
AVG 386/20070221 found [Downloader.Agent.HIP]
BitDefender 7.2/20070222 found [Adware.Cfodor.A]
CAT-QuickHeal 9.00/20070221 found [TrojanDownloader.Agent.bdj]
ClamAV devel-20060426/20070222 found nothing
DrWeb 4.33/20070221 found [Trojan.DownLoader.16535]
eSafe 7.0.14.0/20070221 found [Win32.Agent.bdj]
eTrust-Vet 30.4.3419/20070222 found [Win32/Spax!generic]
Ewido 4.0/20070221 found [Downloader.Agent.bdj]
F-Prot 4.2.1.29/20070221 found [W32/Agent.BQE]
F-Secure 6.70.13030.0/20070221 found [not-a-virus:FraudTool.Win32.World
SecurityOnline.b]
FileAdvisor 1/20070222 found nothing
Fortinet 2.85.0.0/20070221 found [W32/HEUR.GN!tr]
Ikarus T3.1.0.31/20070221 found [not-a-virus:.FraudTool.Win32.Worldsecurit
yonline.b]
Kaspersky 4.0.2.24/20070222 found [not-a-virus:FraudTool.Win32.World
SecurityOnline.b]
McAfee 4968/20070221 found nothing
Microsoft 1.2204/20070221 found nothing
NOD32v2 2074/20070221 found [Win32/TrojanDownloader.Zlob.ANK]
Norman 5.80.02/20070221 found [W32/DLoader.BVTB]
Panda 9.0.0.4/20070221 found [Adware/VirusBursters]
Prevx1 V2/20070222 found [Generic.Zlob!DL]
Sophos 4.14.0/20070221 found nothing
Sunbelt 2.2.907.0/20070222 found [Trojan.FakeAlert]
Symantec 10/20070222 found [Trojan.Adclicker]
TheHacker 6.1.6.062/20070221 found [Trojan/Downloader.Agent.bdj]
UNA 1.83/20070221 found [TrojanDownloader.Win32.Agent.EBFE]
VBA32 3.11.2/20070221 found [Trojan-Downloader.Win32.Agent.bdj]
VirusBuster 4.3.19:9/20070221 found nothing

[ notes ]
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=0d7d62407405
Sunbelt info: Trojan.FakeAlert consists of files that cause false warnings of sp
yware on the computer. Usually the alerts are displayed in a balloon type pop-u
p from an icon in the system tray.


(End of Virustotal report)

Yes you should remove the DLL.

Thanks.

Steve

 

[Steve Pope]

Use Spyerase version 10, it's fast and free.

Thanks for the tip.

Steve

 

[Steve Pope]

What did Symantec call this (infected is not enough)

qrzsyr.dll
\\Kxp\c\SCAN\WINDOWS\system32\
Virus name: Trojan.Adclicker


I deleted it and all seems fine.

Steve