Shane
Sun Aug 15 23:47:40 CDT 2004
Apart from an on access scanner (such as AVG free edition) it's well worth
downloading and running both of these tools: McAfee Avert Stinger
http://download.nai.com/products/mcafee-avert/stinger.exe and Trend Micro
Sysclean (using Art Kopp's updater which, first time round, downloads the
entire program)
http://www.epix.net/%7Eartnpeg/SYS-UP.ZIP.
Run both once you've stopped qki.exe running at Startup. You might want to
configure them not to automatically clean - but that'd be a personal choice.
Sysclean uses the PC-cillin defs and, while it'll remove a large no. of
recent malwares, it'll identify tens of thousands more.
Shane
"Shane" <arthursixpence@hotmail.com> wrote in message
news:2oasb8F8ork2U1@uni-berlin.de...
> Somewhere is another file running, with the sole purpose of putting
qki.exe
> back. There *is* a Google result - in hungarian - suggesting it's
> Bugbear@MM.
>
> Boot to Safe Mode and try deleting it. If that's the only Startup entry,
> successfully deleting it will give you room to work because it won't
> reappear on reboot. If you can't delete from Safe Mode, ie the other file
is
> still running and qki.exe comes straight back, then boot to DOS using a
boot
> floppy from another machine and delete or rename (say to qki.bak, which
will
> retain it for scanning, identification, possible submission) qki.exe. Find
> the definitive location or locations first, obviously.
>
> When you've stopped it running at Startup, scan with an up-to-date
Antivirus
> scanner or two. If it's Bugbear@MM the scanner should detect any viable
> remnants (and the renamed file if you did rename rather than delete).
>
>
> Shane
>
>
>
>
>
> "Glenn Gartman" <egganacat@earthlink.net> wrote in message
> news:8FWTc.1184$3O3.653@newsread2.news.pas.earthlink.net...
> > I am tuning up my father's system (HP Pavilion with 1 GHz Athlon, 128 MB
> RAM
> > 40GB HD) and boy did he have some serious adware!
> >
> > I've been going through Registry and carefully deleting the junk that
> placed
> > itself on his system, and am curious about qki.exe. It keeps
perpetuating
> > itself into the Programs/ Startup folder. I've deleted it, and still
can't
> > kill the little (49.5kb) bugger. I had a hunch it might have something
to
> do
> > with C:\Windows\Applog cos there is a file there, qki.lgc, which I am
> > guessing is related in some way, and I'm interested in learning how. I
> > renamed the lgc file, deleted qki.exe but it still came back after
> > restarting.
> >
> > What's more, a search on google, cnet, et al shows nothing. Could it be
> > something Microsoft (nothing on their site) or HP (or some other OEM) in
> > fact provided?
> >
> > I've used a couple of programs to assist with the cleanup and none of
them
> > show it is as a known quantity.
> >
> > Besides wanting to know if it is something I should keep or kill,
how/when
> > would something re-create itself- on power down or power up? During
> > Msconfig.exe selective startup, if I uncheck it, it adds another version
> of
> > itself!
> >
> > Hope it's not a bug!
> >
> > Thanks,
> >
> > --
> > Glenn G.
> >
> >
> >
> >
>
>