W32/Qeds-A

Please follow the instructions for removing worms.

Please contact technical support.

W32/Qeds-A is a virus for the Windows platform.

The virus will attempt to download and execute a file from one of four predefined URLs.

W32/Qeds-A will disable Taskmanager and the registry tools before copying itself to the Windows system folder, and to the following locations as DHelp.dll.

<Windows folder>
<Windows system folder>
<Windows system folder>\wbem W32/Qeds-A is a virus for the Windows platform.

The virus will attempt to download and execute a file from one of four predefined URLs.

W32/Qeds-A will disable Taskmanager and the registry tools before copying itself to the Windows system folder, and to the following locations as DHelp.dll.

<Windows folder>
<Windows system folder>
<Windows system folder>\wbem

W32/Qeds-A will terminate any processes associated of the following executables and inject code into the files in order to cause itself to be executed when the infected file is executed:

<Windows system folder>\dllcache\notepad.exe
<Windows system folder>\dllcache\\explorer.exe
<Windows system folder>\dllcache\\iexplore.exe
<Windows system folder>\notepad.exe
<Windows folder>\notepad.exe
<Windows folder>\explorer.exe
\Program Files\Internet Explorer\iexplore.exe
<path to file>\QQexternal.exe
<path to file>\TIMPlatform.exe
<path to file>\BugReport.exe
<path to file>\QQ.exe
<path to file>\QQGame.exe

W32/Qeds-A will create or modify the following registry entries:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Windows Management Instrumentation
"<executable name>"

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableRegistryTools
"1"

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableTaskMgr
"0"