Avast WEBforum

Other => Viruses and worms => Topic started by: whitewolfcx on July 14, 2013, 04:21:33 PM

Title: qvo6, Is this Virus/Malware playing GOD?
Post by: whitewolfcx on July 14, 2013, 04:21:33 PM

Anybody knows how to remove it
I have WINDOWS 8 installed and I can't find the name of this virus anywhere on my computer so that I could disable it. It's like an integral part of system.

Please Help if anybody knows. The google search shows pages which ask to nstall spyware removal softwares, I have done that also but no results.

Title: Re: qvo6, Is this Virus/Malware playing GOD?
Post by: oldman on July 14, 2013, 04:53:55 PM

Hi whitewolfcx, welcome to the forum.

To make cleaning this machine easier

• Please do not uninstall/install any programs unless asked to
  It is more difficult when files/programs are appearing in/disappearing from the logs.
  
• Please do not run any scans other than those requested
  
• Please follow all instructions in the order posted
• All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
• Do not attach any logs/reports, etc.. unless specifically requested to do so.
• If you have problems with or do not understand the instructions, Please ask before continuing.
  
• Please stay with this thread until given the All Clear. A absence of symptoms does not mean a clean machine.
  

This shouldn't be too bad. I got a couple of tools that should clean it up for you. First I need to see a log from OTL. What version of Windows 8 are you using?

• Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
  
• Right click on the icon and click "Run as administrator:" to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
  
• Check the box beside "scan all users"
• Check the boxes beside LOP Check and Purity Check.
  
• Under Custom Scan paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
dir "%systemdrive%\*" /S /A:L /C
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    
  • You may need two posts to fit them both in or just attach them.

Title: Re: qvo6, Is this Virus/Malware playing GOD?
Post by: techlike99 on July 18, 2013, 09:34:07 PM

As usual, Google is your friend mate. I'm pretty sure any of these will help you:

http://deletemalware.blogspot.com/2013/04/qvo6-removal-how-to-uninstall.html

http://www.bleepingcomputer.com/virus-removal/remove-qvo6.com-browser-hijacker

Title: Re: qvo6, Is this Virus/Malware playing GOD?
Post by: polonus on July 18, 2013, 09:49:51 PM

Let the victim be assisted by the qualified remover under guidance,

polonus

Title: Re: qvo6, Is this Virus/Malware playing GOD?
Post by: Voble on September 03, 2013, 12:56:50 PM

Hello, im also suffering from qvo6, and i cant use google because it shows me fake sites which are just more viruses, so i did what was suggested above, but the text is too long to be put directly here, so i uploaded them on uploadmb.com

Heres the link for OTL.txt http://www.uploadmb.com/dw.php?id=1378205479
And heres for extras.txt http://www.uploadmb.com/dw.php?id=1378205560



Sadly before i knew i couldnt do this manually just by removing the programs, i already did delete some, hopefully someone can still help me with this!
Really annoying to be too scared to plug in the internet cable.


Also, would those malware removal things also work..?

Title: Re: qvo6, Is this Virus/Malware playing GOD?
Post by: magna86 on September 03, 2013, 03:03:12 PM

@ Voble

• I will be working on your Malware issues this may or may not solve other issues you have with your machine.
• The fixes are specific to your problem and should only be used for this issue on this machine.
• If you don't know or understand something, please don't hesitate to ask.
  
• Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
• Please DO NOT run any other tools or scans whilst I am helping you.
  
• It is important that you reply to this thread. Do not start a new topic.
• Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
• Absence of symptoms does not mean that everything is clear.

--------------------------------------------------------------------------------------------



Re-run OTL.exe.

• Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
  
  

Code: [Select]

:OTL
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=amt&utm_campaign=eXQ&utm_content=hp&from=amt&uid=WDCXWD10EARX-22N0YB0_WD-WMC0S009795997959&ts=1378138869
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=amt&utm_campaign=eXQ&utm_content=hp&from=amt&uid=WDCXWD10EARX-22N0YB0_WD-WMC0S009795997959&ts=1378138869
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=amt&utm_campaign=eXQ&utm_content=hp&from=amt&uid=WDCXWD10EARX-22N0YB0_WD-WMC0S009795997959&ts=1378138869
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=amt&utm_campaign=eXQ&utm_content=hp&from=amt&uid=WDCXWD10EARX-22N0YB0_WD-WMC0S009795997959&ts=1378138869
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.qvo6.com/web/?utm_source=b&utm_medium=amt&utm_campaign=eXQ&utm_content=ds&from=amt&uid=WDCXWD10EARX-22N0YB0_WD-WMC0S009795997959&ts=1378138870
IE - HKU\S-1-5-21-4054640938-4055872445-3309794027-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=amt&utm_campaign=eXQ&utm_content=hp&from=amt&uid=WDCXWD10EARX-22N0YB0_WD-WMC0S009795997959&ts=1378138869
IE - HKU\S-1-5-21-4054640938-4055872445-3309794027-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_4&ent=hp&u=A65817A5CE74AFD44DA94152258152BB
IE - HKU\S-1-5-21-4054640938-4055872445-3309794027-1000\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKU\S-1-5-21-4054640938-4055872445-3309794027-1000\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.qvo6.com/web/?utm_source=b&utm_medium=amt&utm_campaign=eXQ&utm_content=ds&from=amt&uid=WDCXWD10EARX-22N0YB0_WD-WMC0S009795997959&ts=1378138870
IE - HKU\S-1-5-21-4054640938-4055872445-3309794027-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_4&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
CHR - default_search_provider: SecureSearch (Enabled)
CHR - default_search_provider: search_url = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_4&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_4&ent=hp&u=A65817A5CE74AFD44DA94152258152BB
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

:commands
[CREATERESTOREPOINT]
[emptytemp]

• Then click the Run Fix button at the top.
  
• Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.

If the log doesn't appear, it can be found here:

c:\_OTL\MovedFiles\mmddyyyy_hhmmss.log



----- next -----




Please download zoek.zip ((http://www.mcshield.net/personal/magna86/Images/Zoek_icon.png)) from here (http://hijackthis.nl/smeenk) or here (http://home.kpn.nl/stefsmeenk/zoek.exe) and save it to your Desktop.
Unpack the archive...

• Close any open browsers.
•   Temporarily disable your AntiVirus program. (If necessary)
  If you are unsure how to do this please read this (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html) or this (http://www.bleepingcomputer.com/forums/topic114351.html) Instruction.
  
  
• Double click on zoek.exe to run the tool .
  Please wait while the tool does not start...
  
  
• Copy the text present inside the code box below and paste it into the large window in the zoek tool:

Code: [Select]

createsrpoint;
StandardSearch;
installer-list;
installedprogs;
uninstall-list;

• Click on (http://www.mcshield.net/personal/magna86/Images/Run%20Script%20by%20zoek.png) button
  Please wait until a logreport will open (this can be after reboot)
  
  
  
• Save notepad to your Desktop and attach here zoek-results.log
  Note: It will also create a log in the C:\ directory named "zoek-results.log"

=================================

Please attach logreports here as attachment:

(http://www.mcshield.net/personal/magna86/Images/avast%20attach%20post.png)