Help! Win32/Qoologic Trojan!


Anyone know how to solve this problem?

It comes up every time the laptop wants to
access the hard disk or C Drive especially.

  • SaM

i think it is just a pop up directing u to download some kind of shareware…

Yes it is, but it keeps coming up and when
I close it it comes up again especially when
using IE and accessing my hard disk…

Come up and up and up and up which is very
annoying that’s why I came for help…

try turn on your pop up blocker…

try la… not sure if this will work…

someone else might be able to help if this can’t work now… :lol:

It is on…

I suspect the damn thing is
inside my com liaw that’s why
having difficulties removing it.

Even I use Spybot and Ad-Aware
2007 and AVG AV all fully updated
also cannot…


sam… arr… nothing much i can do for u now… just have to wait for some others to give u a hand and in the same time, I might be able to learn from others as well… :lol:

Stay tuned brother…

I know thanks anyway ‘ah say’…

Where’s ian when I need him?

Top Earner, do you have a firewall?

AVG is not recommended either, Antivir is free antivirus of choice nowadays

Qoologic is an Adware Trojan that displays pop-ups and slows your PC to a crawl in some cases. It can also download other various types of malware. There are many variants and like most specific malware it is all but impossible to remove without the correct tools. Please see this article for in depth information regarding the capabilities of the Qoologic Trojan.

Before proceeding further into this fix you should check to see if you also have a Look2Me pop-up infection along with the Qoologic (please see the sticky “Look2Me pop-up infection removal guide” by Trogan_1000 for details about Look2Me). If a Look2Me infection exists then you have to fix it first. The Qoologic fix won’t work if a Look2Me is present in your log without first fixing the Look2Me.

Qoologic can be identified by entries like those below in your log. Keep in mind these are examples:

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\nqyr.exe<—File name is always random.
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ejwddho.exe<—File name is always random.

You will also likely see one or more O4 entries that look like this:

O4 - HKCU…\Run: [fexci] C:\WINDOWS\system32\jpmihe.exe reg_run<—File and process name are random.

The following line is usually the kicker since most, but not all, Qoologic infections contain this line. The file dmonwv.dll is one filename within the Qoologic infection that doesn’t change and shows in the log as an O9-Extra button and O9-Extra ‘Tools’ menuitem. Note the lines below:

O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra ‘Tools’ menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll

One of our other members here at Short-Media passed along this automated fix to me. With the emergence of several infected logs recently I felt it only pertinent to post this to help any user with a Qoologic infection. Remember to check for a Look2Me infection first and then check your Hijack This log for the above signs of Qoologic. If Qoologic is identified follow the steps below:

===================================================

Please download Brute Force Uninstaller to your desktop.

* Right-click the BFU folder on your desktop, and choose Extract All
* Click "Next"
* In the box to choose where to extract the files to, click "Browse"
* Click on the + sign next to "My Computer"
* Click on "Local Disk ( C: )" or whatever your primary drive is
* Click "Make New Folder"
* Type in BFU
* Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

RIGHT-CLICK HERE and choose “Save As” (in IE it’s “Save Target As”) in order to download QooFix.bat by LonnyRJones.
Save it in the same folder you made earlier (c:\BFU).

Please close ALL other open windows & explorer folders, then double-click on QooFix.bat.
Choose option #1 (Qoolfix autofix) and follow the prompts.
Please be patient, it will take about five minutes.

===================================================

This should take care of any Qoologic infection you may have. It will also automatically get rid of the above Hijack This entries. At any point however, if you feel you need assistance or the Hijack This entries don’t go away, please post your log in the forum and one of us will help you as soon as we can.
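The log signs described in the guide above, turned into a small triage script (an added example, not part of the original post and not what QooFix.bat does). The `scan` function and the sample log are constructed here; only the dmonwv.dll file name, its CLSID and the reg_run argument come from the post.

```python
import re

# Fixed indicators quoted in the post; every other Qoologic file name is random.
FIXED_DLL = "dmonwv.dll"
FIXED_CLSID = "{4ABF810A-F11D-4169-9D5F-7D274F2270A1}"

# Constructed sample log: the post's example lines plus two made-up benign entries.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\nqyr.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ejwddho.exe
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\ExampleApp\example.exe /startup
O4 - HKCU\..\Run: [fexci] C:\WINDOWS\system32\jpmihe.exe reg_run
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra button: Example - {00000000-0000-0000-0000-000000000001} - C:\Program Files\ExampleApp\example.exe
"""

def scan(log_text):
    """Return (indicator, line) pairs for entries matching the signs in the post."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.split("<", 1)[0].strip()  # drop trailing "<--- note" annotations
        low = line.lower()
        m = re.match(r"F2 - REG:system\.ini: (Shell|UserInit)=(.*)$", line, re.I)
        if m:
            key = m.group(1).lower()
            expected = "explorer.exe" if key == "shell" else "userinit.exe"
            parts = [p.strip().lower() for p in m.group(2).split(",") if p.strip()]
            # Anything besides the one expected program is an extra launcher.
            extras = [p for p in parts if p.rsplit("\\", 1)[-1] != expected]
            if extras:
                hits.append(("F2 extra " + key + " program", line))
        elif low.startswith("o4 - ") and low.endswith(" reg_run"):
            hits.append(("O4 reg_run autostart", line))
        elif low.startswith("o9 - ") and (FIXED_DLL in low or FIXED_CLSID.lower() in low):
            hits.append(("O9 dmonwv.dll entry", line))
    return hits

if __name__ == "__main__":
    for indicator, line in scan(SAMPLE_LOG):
        print(f"[{indicator}] {line}")
```

The F2 check compares file names only, so a substituted userinit.exe in another directory would not be flagged; treat a clean result as "no listed signs found", not as proof the machine is clean.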

[quote=“TopEarner”]I know thanks anyway ‘ah say’…

Where’s ian when I need him?[/quote]

Hi Samuel, sorry I wasn’t around.

I’d suggest you try the method linked by Big Boss. Anytime there is an infection that your AntiVirus can’t get rid of, best to borrow/steal/buy a clean computer and search for a solution on the web. At least the trojan is kind enough to tell you what its name is…

You can also take out the HDD and scan / remove it on another computer with an updated Antivirus.

In fact, the word “antivirus” is an oxymoron. The virus has to exist prior to the antivirus, therefore it isn’t “anti” any viruses at all.

It’s not the most elegant solution in the world, but you’ll learn a lot.

You might also want to avoid using IE unless necessary and get the most current update for Windows, and stay behind a firewall (keeping it up to date as well).

Yeah, it keeps bugging me with the pop-ups…

First time having problems with viruses or
spyware in, like, 5 years?

Maybe cos that day trying to watch the Hoang
Thuy Linh video online that’s why…

Serves me right… LOL