Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

qucltocr.dll is keeps on coming and showing as trojan what to do?


  • Please log in to reply
13 replies to this topic

#1 s281975

s281975

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:48 AM

Posted 11 March 2013 - 12:42 AM

Friends,

 

OS: winxp sp3

 

I am keep on getting an alert message from mcafee that qucltocr.dll is not deleted and not cleaned.

i deleted with dellater program. but again after 1 or  2 days, i am getting the same message from mcafee....what should i do now?

 

thanks

 



BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,047 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:48 PM

Posted 11 March 2013 - 06:41 AM

Did McAfee provide a log or a specific file(s) name associated with the malware threat(s) detected and if so, where is it located (full file path) at on your system?

You may also want to get a second opinion on the detection. Go to one of the following online services that analyzes suspicious files:-- In the "File to Scan" (Upload or Submit) box, browse to the location of the suspicious file(s) and submit (upload) it for scanning/analysis. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 s281975

s281975
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:48 AM

Posted 12 March 2013 - 11:46 PM

Hi...thanks for your reply.

Below is the log from mcafee....

 

3/13/2013 10:13:05 AM Delete failed (Clean failed) CIET-6A23C27DC2\PA C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\qucltocr.dll Generic Downloader.x!ddi (Trojan)

 

And not able to zip that file and not able to upload that file to any of the virus scan which you mentioned in your reply.

 

whats next pls?



#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:48 PM

Posted 12 March 2013 - 11:59 PM

That looks like malicious dll.This dll redirects your webpages and disables security center.This file is usually hidden

 

Go to C drive

 

Launch Tools-folder options.Click on View tab,scroll down

 

Checkmark Show hidden files

uncheck hide operating system files and folders

 

click ok

 

Copy this file C:\WINDOWS\system32\qucltocr.dll to desktop

 

You should be able to upload the file now.



#5 s281975

s281975
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:48 AM

Posted 07 April 2013 - 05:19 AM

Sorry for the delayed reply.

I tried in all the ways including your tips.

but i am not able to copy it in the desktop and also not able to upload it to the virusscan sites.

i installed "spybot search and destroy" even though i am not able to copy it.

also my pc is having mcafee.

is mcafee is locking the file?

and when every i boot the pc...i am getting the cscript.exe and command.com pops up automatically.

 

what should i do now?

 

thanks



#6 s281975

s281975
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:48 AM

Posted 19 April 2013 - 02:59 AM


Filename:	qucltocr.dll
Status:	
Scan finished. 3 out of 22 scanners reported malware.
Scan taken on:  	Fri 19 Apr 2013 09:52:01 (CET)
avira.gif
2013-04-19 TR/Trash.Gen

 

drweb.gif
2013-04-19 Trojan.Damaged.1

 

sophos.gif
2013-04-19 Mal/BHO-C

 

whats next?



#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,047 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:48 PM

Posted 19 April 2013 - 06:28 AM

Please download Malwarebytes Anti-Malware mbamicontw5.gif and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A.4. Issues.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • After the scan, make sure that everything is checked and then click the Remove Selected button to remove all the listed malware.
  • When done, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab .
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,047 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:48 PM

Posted 19 April 2013 - 06:46 AM

If Malwarebytes Anti-Malware does not detect and remove that file, use its FileAssassin feature for removing stubborn malware files.
  • Open Malwarebytes, go to the "More Tools" tab and click on "FileASSASSIN" to download and save it to your desktop.
  • Double-click on fileassassin-setup to install and run the tool.
  • Drag the following file into the text area or click the (...) button and browse to its location.
    • C:\Windows\system32\qucltocr.dll <- this file
  • When you find the file, click on it to highlight, then select Open.
  • Check the box "Use delete on Windows reboot functions".
  • Click the Execute button.
  • If prompted to reboot, then do so immediately.

Caution: Be careful what you delete. FileAssassin is a powerful program, designed to remove highly persistent files. Using it incorrectly could lead to serious problems with your operating system if removing a critical file.


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 s281975

s281975
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:48 AM

Posted 21 April 2013 - 11:43 PM

Sorry.....before 10 days itself..i have downloaded malwarebytes antimalware and checked for the spam. it detected some and i deleted those spams.

Today,  again i am running the scanner. And below is the details of the log file which you asked.

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org
 
Database version: v2013.04.22.01
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
PA :: CIET-6A23C27DC2 [administrator]
 
Protection: Enabled
 
22-Apr-2013 9:30:06 AM
mbam-log-2013-04-22 (09-30-06).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 369162
Time elapsed: 33 minute(s), 45 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NofolderOptions (Hijack.FolderOptions) -> Data: 1 -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 6
HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel|HomePage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel|HomePage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore|DisableConfig (Windows.Tool.Disabled) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)

 

and also...sometimes two files are coming automatically into the CD rom and saying ..that you are about to write those pending files. (one is some auto.ini file and another one is something starts with fd...exe.

And also there is another file CScript.exe is executing whenever pc boots. not a single, some 6 windows are opening  and i am closing those programs manually. what should i do now?

 

 

thanks.



#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,047 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:48 PM

Posted 22 April 2013 - 07:00 AM

Malwarebytes did not detect qucltocr.dll...at least in the log you posted. Did you use FileAssassin to remove it as previously instructed?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 s281975

s281975
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:48 AM

Posted 22 April 2013 - 11:06 PM

actually, the file qucltocr.dll was cleared already by malwarebytes.

Anyways...i just deleted that file without any programs like dellater or fileassassin.

now what should i do?



#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,047 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:48 PM

Posted 23 April 2013 - 08:01 AM

Is the alert message from Mcafee regarding qucltocr.dll now gone?

Any other issues going on?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#13 s281975

s281975
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:48 AM

Posted 24 April 2013 - 12:11 AM

once i install malwarebytes before 1 week...it scanned and cleared the virus from qucltocr.dll

from that time onwards i am not getting a message from mcafee..

now i have 2 other issues.

 

1. when ever i boot the pc, cscript.exe is executing automatically...in many windows...i dont know what is that?

2. suddenly auto.ini and another file is about to write in a CD. I am getting a message that those 2 files are ready to write in a CD.



#14 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,047 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:48 PM

Posted 24 April 2013 - 07:59 AM

Using the command-based script host (CScript.exe)
CScript.exe parameters

However, it is not uncommon for malware to have the same name as a legitimate file. Since you were dealing with a malware issue...I recommend a more comprehensive look at your system. Many of the tools we use in this forum are not capable of detecting (repairing/removing) all malware variants so more advanced tools are needed to investigate. Before that can be done you will need to create and post a DDS log for further investigation.

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.
  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 7 there are instructions for downloading and running DDS which will create two logs.
When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs, then still start the new topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, it would be helpful if you replied back in this thread with a link to the new topic so we can closed this one. Good luck and be patient.

If HelpBot replies to your topic, please follow Step One and CLICK the link so it will report your topic to the team members.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users