Return To Home Page Search Fire Products, Services and others Overview of the Site Design and Build a Career Contact us for customer service and other feedback info Prognet Privacy Statement

Click here to view product details, fire framework, screen shots, Y2K statement, etc.Download fire evaluation copy, updates, upgrades, user manual, free utils and lot more.Customers can enjoy technical support, security tips, FAQ, free virus alert mail, etc. Online ordering, renewal form and upgrade details.Resellers, dealers and distributors can enter here.Click here to view latest virus alerts, virus information center, virus calendar, etc.Latest news and other press releases.About Prognet Technologies Pvt. Ltd, technical team, clients, events and lot more.

 

Qaz Worm

Information about Qaz worm:

                     QAZ is a network worm, spreads using shared network drives. The worm is 120320 bytes long {120KB} and written in Visual Basic C++. It is a companion type worm and won't infect other files. QAZ will infect only the shared drives within the network. This may be purposefully mailed to steal your valuable data.

                     When executed, it will search for Windows folder in the local system and network and copies to "notepad.exe". The original notpad.exe file is renamed to note.com. Then it modifies the registry entries to start automatically.

                     The noticeable property of this worm is its backdoor ability. Using this ability, the worm author can load and run additional programs to steal the data in the network. It also communicates with an IP address 202.106.185.107 and sends the infected machines IP details. It may be belongs to QAZ worm author's host.

                     Right now three variants of QAZ worm reported in the wild. Fire detects and removes all QAZ variants without problems.

Removing Qaz worm from your computer:

                     Fire has incorporated QAZ worm into its virus signature file, with the aim of helping users affected by this Worm attack to detect and eliminate it from their systems. Fire anti-virus users can update this signature file by using online update facility.

                     You can check the system manually. This worm renames original notepad.exe to note.com. The presence of "note.com" ensures you are infected with this worm. A free download of FireLite [ 1100KB ] version is available to detect all viruses. If you find any virus, use registered windows version of Fire to remove. To get the registered version of Fire call us at 044-28170440 or mail to service@fireav.com or purchase Fire online using

[Analysis: Mr.Ramesh, Prognet Technologies Pvt. Ltd, Dec. 2000]

Go to top of the page
.