Global websites

Press

In this section

W32/Qeds-B

Aliases	Trojan-Downloader.Win32.VB.kh
Category	Viruses and Spyware
Type	Worm
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary

Summary
Action
More Information


How it spreads	Infected files
Affected operating systems	Windows
Characteristics	Installs itself in the registry
Protection available since	16 June 2005 21:23:30 (GMT)
Detected by	All Sophos products

Free virus scan
Download the Threat Detection Test

Free virus, spyware, and adware scan
Test your existing anti-virus protection
Find threats your anti-virus missed

Action

Summary
Action
More Information

Please follow the instructions for removing worms.

Please contact technical support.

More Information

Summary
Action
More Information

W32/Qeds-B is a virus for the Windows platform.

W32/Qeds-B will download a data file from a predefined remote location. The virus may then attempt to download and run further executable files.

W32/Qeds-B will disable the Task Manager and registry editing tools.

W32/Qeds-B may copy itself to the Windows system folder. The virus will then set the following registry entry to run itself each time a user logs on:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LoadPFW
wmimgr.exe

The following registry entry is set, disabling the registry editor (regedit):

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableRegistryTools
1

The following registry entry is set, disabling Task Manager:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableTaskMgr
0

|

Get reports about the latest virus and spyware threats delivered to your computer