We received the file HQFORM.OCX and detected that HQFORM.OCX is not good.
HQFORM.OCX is Adware. You should remove the file HQFORM.OCX.
Kill the process HQFORM.OCX and remove HQFORM.OCX from Windows.
Malware Analysis of HQFORM.OCX
Full path on a computer: %WinDir%\Downloaded Program Files\hqform.ocx
Detected by UnHackMe:
HQFORM.OCX
Default location: %WinDir%\Downloaded Program Files\hqform.ocx
Removal Results: Success
Number of reboot: 1
HQFORM.OCX is known as:
Adware.UBar.u3ovYIOyFDM, not-a-virus:AdWare.UBar.if, UBar, Adware.UBar.IF, Adware.UBar, AdWare.UBar.if, not-a-virus:AdWare.UBar
HQFORM.OCX hash:
- MD5: 1562a162322a65da30769088b2608981
How to quickly detect HQFORM.OCX presence?
Registry:
- HKLM\Software\Classes\CLSID\{3D1DF513-AF71-4D26-BEAE-15EA88B07398}\InprocServer32\: “%WinDir%\DOWNLO~1\FILEBR~1.OCX”
- HKLM\Software\Classes\CLSID\{9FB6F190-E8BF-4D17-8B12-1AB5BDFE7BB0}\InprocServer32\: “%WinDir%\DOWNLO~1\FILEBR~1.OCX”
- HKLM\Software\Classes\CLSID\{A806F6BB-473C-4EF2-B7E0-8EE15F781AC4}\InprocServer32\: “%WinDir%\DOWNLO~1\hqext.ocx”
- HKLM\Software\Classes\CLSID\{E593373C-B16E-4F66-9D98-A82E59333622}\InprocServer32\: “%WinDir%\DOWNLO~1\hqform.ocx”
- HKLM\Software\Classes\CLSID\{FE70C9C0-FB4D-4225-A50D-F967EC8FC54A}\InprocServer32\: “%WinDir%\DOWNLO~1\hqext.ocx”
Folders:
- %Temp%\RarSFX0
Files:
- %Temp%\RarSFX0\AtxSetup.exe
- %WinDir%\Downloaded Program Files\fileBrowse.ocx
- %WinDir%\Downloaded Program Files\hqext.inf
- %WinDir%\Downloaded Program Files\hqext.ocx
- %WinDir%\Downloaded Program Files\hqform.ocx
- %SysDir%\hqpub.dll
- %SysDir%\organisation.dll
- %SysDir%\RunScan.exe
- %SysDir%\WebScan.dll