“Troj/Agent-QDK” is the detection name given by the Sophos antivirus software for a specific type of Trojan malware that has the potential to infect computers running a Windows operating system. Sophos first began providing protection against this Trojan on January 25, 2011. People who use Avira's antivirus service may better know the Troj/Agent-QDK malware as the “TR/Crypt.XPACK.Gen3” Trojan, which Avira first discovered in August of 2009. Different virus-protection services often have different detection names for the same malware.
According to Sophos, what it refers to as Troj/Agent-QDK malware falls under the category of Trojan spyware because it is seemingly legitimate software designed to surreptitiously gather personal information from an infected computer and relay it to a third-party computer over the internet.
The prevalence of the Troj/Agent-QDK malware is relatively low, as is its general damage potential. However, it can disrupt a computer’s performance, block operations and expose your private information to third parties. The Troj/Agent-QDK executable file generally copies itself to the infected computer's “C:\...\Local Settings\Temp” folder. It also creates processes within the computer’s System32 folder, modifies hidden “Local Settings” files, and creates and modifies several settings under the “HKEY_USERS” and “HKEY_CURRENT_USER” root registry keys.
If your computer’s antivirus software is having difficulty successfully deleting the Troj/Agent-QDK malware from the system, reboot the computer in Safe Mode, disable System Restore and then use your antivirus software to delete the Trojan.
To manually delete the Troj/Agent-QDK malware and undo the changes it has made to your computer’s system, you must first disable the malware’s active processes. There are two ways of doing this. One way is to open Windows Task Manager, go to the “Processes” tab, and select and end any nonessential or unusual process. To ascertain whether a process is legitimate, use a different computer to search for the name of the process online to see what you can learn about it. Another way to disable the malware’s active processes is to simply reboot the computer in Safe Mode. Only essential processes load during a Safe Mode boot.
Once you have disabled the Troj/Agent-QDK malware’s active processes, you can delete the errant Trojan executable file from the current user’s “Temp” folder. To reverse the changes made to the system’s registry keys, a computer administrator should perform a System Restore to reset the computer’s critical system files and registry settings to an earlier time before the computer became infected with the Troj/Agent-QDK malware. After the Trojan malware has been successfully deleted and the registry settings repaired, disable System Restore to delete the currently saved restore points. This prevents the possibility of restoring the infected settings. Once the restore points have been deleted, reactivate System Restore so that your computer's system can successfully create new restore points.
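The manual check described above can be scripted. The following PowerShell sketch is an added example, not part of the original article or of any Sophos or Avira tooling: it lists executable-type files in the current user's Temp folder and flags any that are currently running, so you know which process to end before deleting the file. The extension list and the hash and signature columns are assumptions chosen for triage; the script is read-only and deletes nothing.

```powershell
# Added example: read-only triage of the current user's Temp folder.
# Caveat: if $env:TEMP is stored in 8.3 short form, process paths may not match.
$tempRoot = [System.IO.Path]::GetFullPath($env:TEMP).TrimEnd('\')

# Executable-type files in Temp (extension list is an assumption).
$extensions = '.exe', '.dll', '.scr', '.com'
$files = Get-ChildItem -LiteralPath $tempRoot -Recurse -Force -File -ErrorAction SilentlyContinue |
    Where-Object { $extensions -contains $_.Extension.ToLower() }

# Running processes whose image file lives under Temp.
$procs = Get-CimInstance -ClassName Win32_Process |
    Where-Object {
        $_.ExecutablePath -and
        $_.ExecutablePath.StartsWith("$tempRoot\", [System.StringComparison]::OrdinalIgnoreCase)
    }

$report = foreach ($f in $files) {
    $sig     = Get-AuthenticodeSignature -LiteralPath $f.FullName
    $hash    = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
    $running = @($procs | Where-Object { $_.ExecutablePath -ieq $f.FullName })
    [pscustomobject]@{
        Path        = $f.FullName
        Created     = $f.CreationTime
        SHA256      = $hash                # look this up from a different, clean computer
        Signature   = $sig.Status          # NotSigned / HashMismatch deserve a closer look
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        RunningPids = ($running.ProcessId -join ',')
    }
}

# Show files with a live process first, then by creation time.
$report |
    Sort-Object @{ Expression = { $_.RunningPids -ne '' }; Descending = $true }, Created |
    Format-Table -AutoSize -Wrap
```

An entry with a value in RunningPids is a file in Temp that is executing right now; that is the process to end in Task Manager (or avoid by booting into Safe Mode) before removing the file.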
If your computer’s antivirus software presents an alert that it has detected the Troj/Agent-QDK, you should eliminate the threat in one way or another for the safety of your computer and your private information.