Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Possible virus - please help

  • Please log in to reply
No replies to this topic

#1 reilluocram


  • Members
  • 1 posts
  • Gender:Male
  • Location:Florida
  • Local time:07:42 PM

Posted 06 February 2010 - 11:59 AM

Last night it appeared I had picked up a virus. I received several warnings from Trend Micro about attempts to modify access settings. An unknown product, Virus Soft?, started popping messages up. They read something like "Your computer has been infected by a virus, do you want to download virus remover?" This is only a vague description of the message, I was busy scrambling to shut down my PC. When I tried to enter safe mode, I failed and it came up normally. I was able to run a Trend Micro virus scan, but it found nothing. Windows defender found the following in my startup programs:

File Name: qwcpsftav.exe
Display Name: qwcpsftav.exe
Description: Not Available
Publisher: Not Available
Digitally Signed By: NOT SIGNED
File Type: Application
Startup Value: C:\Documents and Settings\Owner\Local Settings\Application Data\qtgman\qwcpsftav.exe
File Path: C:\Documents and Settings\Owner\Local Settings\Application Data\qtgman\qwcpsftav.exe
File Size: 279808
File Version: Not Available
Date Installed: 2/5/2010 5:43:46 PM
Startup Type: Registry: Local Machine (also Current User)
Location: Software\Microsoft\Windows\CurrentVersion\Run
Classification: Disabled
Ships with Operating System: No
SpyNet Voting: Not Available

I disabled the files. I looked for qwcpsftav and qtgman using Foxfire, but found no related references with Google.

The virus appears to be dormant or eradicated by Trend Micro (no references in the logs). However I cannot connect to any sites using unsecured HTTP using IE6 (initially) and later IE8 (after install). HTTPS sites work fine!

I would appreciate any help. Thanks in advance, Larry

Edit: Moved topic from XP to the more appropriate forum. ~ Animal
HP Pavilion a462x, Pentium 4 3.00GHz, 512MB RAM, 120GB HDD, 500GB Ext. FreeAgent HDD,
Windows XP Home SP3, wired ethernet, Trend Micro Internet Security, Firefox

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users