| Name: | Qaz |
| Aliases: | Worm.Qaz, W32.HLLW.Qaz, Notepad, W32/QAZ.worm, Note.com,Qazwsx, W95/Qaz, |
| Ports: | 137 (UDP), 139, 7597 (ports can not be changed) |
| Files: | Qaz.zip - 40,548 bytes Qaz trojan notepad.exe - 120,320 bytesNotepad.exe - 120,320 bytes Qazwsx.hsq - Note.com - [53 kb] -119,296 bytes - 120,297 bytes - 122,880 bytes |
| Created: | July 2000 |
| Requires: | |
| Actions: | Remote Access / Downloading trojan / Worm / Network trojan |
| It mails the IP-address of the infected computer, probably to the sender. Qaz loads every time the user launches Notepad as Qaz has taken the original Notepadīs place. It propagates to all shares on the network with Full Access privileges granted. | |
| Versions: | |
| Registers: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ |
| Notes: | Works on Windows 95, 98, ME, NT and 2000. |
| Country: | written in China |
| Program: | Written in Visual C++. |