CWS.QTTasks

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by azsnshine, Sep 23, 2006.

  1. azsnshine

    azsnshine Private E-2

    When I do a spyware scan with my Cox security suite it says I have a highjacker CWS.QTTasks that it can't remove.

    I have read and followed the "read and run me first" and everything came up clean. When I ran bitdefender it said "bitdefender failed to update the virus definitions, although it might be possible to check for viruses the result will probably be inaccurate". After the sccan it said no problems were found. I have the logs from activescan.txt, getrunkey.bat, newfiles.txt and hijackthis. I will send the first 3 mentioned first.

    Thanks in advance for your help!
     

    Attached Files:

  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Please also attach the other logs as they are needed.
     
  3. azsnshine

    azsnshine Private E-2

    Here is the HJT log.....all others were clean so I did not save them.
     

    Attached Files:

  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    << The installed version of Java on this compter is out-dated. Install Java Runtime Environment (JRE) 5.0 Update 8 available from http://java.sun.com/javase/downloads/index.jsp. Uninstall all older versions of Java on your computer, before installing the latest version of Java. >>

    Using Add or Remove Programs in the Control Panel; uninstall the following:
    Empty the Authentium Quarantine.
    Empty thte Recycle Bin.
    Run CCleaner.

    HijackThis is not installed and named per our tutorial. You have it here: C:\Program Files\analyse.exe\HijackThis.exe. HijackThis needs to be in the following location: C:\Program Files\HJT\analyse.exe.

    Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:
    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Otherwise your system does not appear to be infected.

    Please post a log from teh Cox Security Suite. So, I can see what it is finding and where.
     
  5. azsnshine

    azsnshine Private E-2

    I updated Java. I'm not sure what you mean by "empty the authentium quarantine" but I had several things in the quarantine on adaware and deleted it all, emptied the recycle bin and ran ccleaner. I think I reinstalled HJT correctly this time, checked the 2 boxes you told me to check and clicked on "fix checked".

    This is what I get from the cox security suite when I do a spyware scan:

    Type of spyware: Hijacker
    Description: http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453077875
    Threat: confidentiality, productivity

    Spyware Pieces:
    Registry: hkey_current_user \software\microsoft\windows\currentversion\run\quicktime task
     
  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    False Positive

    This is the Registry Key that Spybot is alerting on:
    HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    This is not the CWS.QTTasks hijacker. The file for this threat is located at C:\Windows\qttasks.exe

    The file and path listed in your registry is the valid Quicktime Task file from Apple.
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds