(Virus) The filename QM4623.EXE was first seen on Sep 2 2008

[mprkiran]

Hi All,

My system was infected by WORM. Could anyone tell about these worm.

I saw one file name(J6186422.EXE) in "MSCONFIG". I found this file history in Google Search.

The filename QM4623.EXE was first seen on Sep 2 2008
File Name Aliases

QM4623.EXE can also use the following file names:

• SMSS.EXE
• J6205322.EXE
• C_20532K.COM
• ZH59927084Y.EXE
• O4205327.EXE
• _DEFAULT20532.PIF
• YESBRON.COM
• J6186422.EXE
• C_18642K.COM
• O4186427.EXE
• _DEFAULT18642.PIF

Pls give some technicle information about this worm.

I got one software from the site http://www.prevx.com/filenames/2976361820758013838-0/QM4623.EXE.html but i have a doubt that this software is perfectly working or not,Because i have important files in my system that's why i am asking you.

pls tell if anyone about this worm.

 

[Madxgraphics]

Download Spybot Search & Destroy and run it..Also download Superantispyware and run it...Also the software you downloaded get rid of it..Thats where the Virus is coming from..

 

[daveydoom]

Also the software you downloaded get rid of it..Thats where the Virus is coming from..

The Prevx software may not be the best but I can assure you that the malware did not originate from there. It's not a rogue program .

I'd still turf it though and use something else .

 

[mprkiran]

Problem:

when I switch on my system, booting Ok and Windows Logon Screen comes properly. Afer Windows logon, black color screen is coming. No Desktop.

Ctrl + Alt + Delete key combination working. I tried to install the below softwares throgh Task Manager -> Command Prompt but Errors came.



How can i slove these Errors and also how can I remove and add new IP and DNS addresses at command prompt.



1)

Error is coming When i install Superantispyware Software. Error is

Windows Installer
​

The Windows Installer Service could not be accessed. This can occur if you are running windows in safe mode, or if the Windows Installer is not currently installed. Contact your support perssonnel for assistance.



2)Not connecting the website when I install "Spybot" Software. This software asking for internet connection.





Pls provide information.

 

[mprkiran]

j6186422 and sv711936830r (Paths in MSCONFIG is C:\Windows\j6186422.exe, C:\Windows\System32\n8193\sv711936830r.exe)



When I was reading my Out Look Mails, suddenly black screen came. No Desktop. Numslock, Capslock and Scroll Lock keys work properly. No commands working. I got Task Manager When I press Ctrl + Alt + Delete Combination. With the help of Task Manager I saw j6186422 and sv711936830r in MSCONFIG.



Every time I get Black blank desktop when I logon. I am unable to install any softwares([font=&quot]Superantispyware, [/font]Spybot, hijackthis). How to remove j6186422 and sv711936830r in my system.




Pls provide technicle information about this problem.

 

[Madxgraphics]

The Prevx software may not be the best but I can assure you that the malware did not originate from there. It's not a rogue program .

I'd still turf it though and use something else .

Please do tell me how you can asure me its not rogue..?If it was downloaded how can you be 100% sure that nothing hijacked it on its way...???????Please do answer

 

[mprkiran]

Please do tell me how you can asure me its not rogue..?If it was downloaded how can you be 100% sure that nothing hijacked it on its way...???????Please do answer

oh,
Sorry.. I am installing the software now and i will tell u about the result.

 

[Madxgraphics]

Sorry mate that post was pointed at Davydoom not you..

 

[mprkiran]

Sorry mate that post was pointed at Davydoom not you..

ok dear mate Madxgraphics.

But i have installed just now. It scanned the whole system within 5 minutes. How it is possible i don't know. It is asking Credit Card for License Key. I cannot give my Credit Card number without any information of the site.
I conneted the Infected hard disk in another system and did the whole process because i am unable to install any softwares in infected system (hard disk).

thanks for your reply.

 

[mprkiran]

dear mate Madxgraphics



I send one clear mail with attached images about this problem to (e-mail address removed). They said that

Send HiJactThis log file at my mail id (e-mail address removed) and HiJackThis should be on C:\
- some software could have a trouble with MacAfee antivirus -> temporary disable MacAfee
- try to repair installation of Windows as http://www.michaelstevenstech.com/XPrepairinstall.htm

I am following their suggestions now. After successful, I will tell the result. If you have any information pls give me as u like.

 

[daveydoom]

Please do tell me how you can asure me its not rogue..?

It appeares to me as though the poster was referring to Prevx CSI software and the Prevx software is not a rogue program. That's all I meant .

If it was downloaded how can you be 100% sure that nothing hijacked it on its way...???????Please do answer

Following that logic we shouldn't be downloading anything. However, we all constantly advise people to download SUPERAntiSpyware, MalwareBytes' Anti-Malware, HijackThis, Ad-Aware, Spybot Search and Destroy, AVG, avast!, AntiVir, etc, etc. We have to trust that the sites they are downloading them from are not infected. That's why it's best to download from the authors site as often as possible.

 

[muckshifter]

That's why it's best to download from the authors site as often as possible.

That, is a must do!!