Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: lister on January 03, 2009, 02:03:49 AM

Title: klomp.exe seems to have disabled IE
Post by: lister on January 03, 2009, 02:03:49 AM
I've got something called klomp.exe that seems to have installed itself into IE.

I opened IE and my firewall (Comodo) asked if I wanted to allow it, I blocked it and now when I try to start IE it asks if klomp can start instead.

Any help here? Avast! is detecting nothing.
Title: Re: klomp.exe seems to have disabled IE
Post by: Tarq57 on January 03, 2009, 03:06:12 AM
From what I've seen on the net, it appears this is a fairly new browser hijacker. I think you did the right thing by denying it permission in the firewall.
Have a look in the Windows\System\System 32 folder, and see if the files "Klomp.exe" and "qdbon.dll" are present, and if so, can they be deleted?
Try downloading http://www.malwarebytes.org/mbam.php and installing it. This is a very good demand anti-malware scanner. Update it and run a scan.
More info here: http://www.threatexpert.com/report.aspx?md5=c6d87592eb13f43c7e0bc9590632f064
Title: Re: klomp.exe seems to have disabled IE
Post by: noeff on January 08, 2009, 12:20:16 PM
How to remove klomp.exe (also known as qdbon.dll).

I had a problem starting Internet Explorer, but this solved it:

1. First, remove, using HiJackThis, registry input C:\WINDOWS\system32\xwr63956.dll
 
2. Using regedit, remove registry-key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplorer.exe.
 
3. Finally delete these files from windows/system32:
 xwr63956.dll, wr63956.dll, xa?????.exe (files starting with the letters "xa") and qdbon.dll.

Regards
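
[Added example, not part of noeff's post or of the thread:] Step 2 above removes a key under Image File Execution Options (IFEO). A "Debugger" value under an IFEO subkey makes Windows start the named program in place of the image the subkey is named after, which matches the symptom in the first post. The PowerShell sketch below lists every IFEO subkey that carries a Debugger value so the entries can be reviewed before anything is deleted. The function names are hypothetical; it assumes PowerShell 3 or later and read access to HKLM.

```powershell
# Added example (not from the thread): audit Image File Execution Options.
# Read-only: it lists entries and changes nothing.
$IfeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Resolve-DebuggerPath {
    param([string]$CommandLine)
    # Take the quoted path if present, otherwise the first whitespace-delimited token.
    if ($CommandLine -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
    else { $exe = ($CommandLine.Trim() -split '\s+')[0] }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    if (-not [IO.Path]::IsPathRooted($exe)) {
        # A bare file name is resolved through PATH, as the loader would find it.
        $cmd = Get-Command -Name $exe -CommandType Application -ErrorAction SilentlyContinue |
            Select-Object -First 1
        if ($cmd) { $exe = $cmd.Path }
    }
    return $exe
}

function Get-IfeoDebuggerEntry {
    foreach ($root in $IfeoRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            $debugger = [string]$key.GetValue('Debugger')
            if ([string]::IsNullOrWhiteSpace($debugger)) { continue }
            $exe = Resolve-DebuggerPath -CommandLine $debugger
            $exists = Test-Path -LiteralPath $exe -PathType Leaf
            # Signature status of the redirect target, or a marker if the file is gone.
            $sig = if ($exists) { (Get-AuthenticodeSignature -FilePath $exe).Status }
                   else { 'FileMissing' }
            [pscustomobject]@{
                Image     = $key.PSChildName   # program being redirected
                Debugger  = $debugger          # what runs in its place
                Target    = $exe
                Signature = $sig
                KeyPath   = $key.Name          # full registry path for export/removal
            }
        }
    }
}

Get-IfeoDebuggerEntry | Format-List
```

A Debugger value is not malicious by itself, since some legitimate tools set one, so check each Target before removing its key. `reg export` with the reported KeyPath saves a copy of the key first.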
Title: Re: klomp.exe seems to have disabled IE
Post by: DavidR on January 08, 2009, 04:36:11 PM
@ noeff
Thanks for the input, what would also help for anyone with this problem is, before deleting any files, send samples to avast to improve detections.

Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and undetected malware in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn't already there) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.

Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.
Title: Re: klomp.exe seems to have disabled IE
Post by: jenjenmi on January 10, 2009, 02:52:53 AM
How to remove klomp.exe (also known as qdbon.dll).

I had a problem starting Internet Explorer, but this solved it:

1. First, remove, using HiJackThis, registry input C:\WINDOWS\system32\xwr63956.dll
 
2. Using regedit, remove registry-key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplorer.exe.
 
3. Finally delete these files from windows/system32:
 xwr63956.dll, wr63956.dll, xa?????.exe (files starting with the letters "xa") and qdbon.dll.

Regards

Thanks for the good tips.  I'm a McAfee user and though it caught a few files coming in, it didn't catch enough and I was affected.  These tips helped me get back up and running...guess I'll submit my files to McAfee for detection as well.