Aliases: Win32.HLLW.Qaz, Worm.Qaz, W32/QAZ.worm
Win32/Qaz is a worm written in Microsoft Visual C++. Its
size is 120320 bytes. The worm operates in the environment of the operating system Windows and is able to spread by means of the local computer network. The worm contains a code which enables remote control of the infected computer.
After it is run the worm Win32/Qaz creates an item "startIE" with the value "name of the file with the worm qazwsx.hsq" in the system registry in the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. Doing so, the virus ensures its activation after the operating system is started. While the worm is active in memory it runs two processes.
The worm searches through shared disks and looks for the string "WIN" in the path. If it finds a directory like that it checks for the presence of the file notepad.exe in it. It renames the file to note.exe a copies itself into the file
notepad.exe. If someone executes the file notepad.exe on such a computer
connected to the network the computer will be infected by the worm.
The second activity of the worm is the following: the worm can write a file from the Internet to the attacked computer, execute such a file or terminate the
execution of the worm remotely. The worm sends an email message to its author. The message contains the IP address of the attacked
system to allow the author to use that feature.
PROTECT YOUR COMPUTER!
ESETs NOD32 antivirus software provides comprehensive, easy-to-use, and affordable protection from todays and tomorrows threats. We put the malware expert inside the software, so you don’t have to become one.
DOWNLOAD ESET NOD32 ANTI VIRUS SOFTWARE
