Search Solo Products, Services and others Overview of the Site Design and Build a Career Contact us for customer service and other feedback info SRN Micro Privacy Statement

 


MQBKUP.EXE PROCESS INFORMATION

Process Name  : Mqbkup.exe

Process Path : %WINDOWS%\Mqbkup.exe [ C:\Windows\mqbkup.exe ]

Process type    : Network Worm

Malware Name : Worm/Opaserv

Alias             : Opaserv.K, WORM_OPASERV_K, W32.Opaserv.Worm

Threat level : Low

Process Details

                     Mqbkup.exe belongs to Opaserv.K worm. It is a modified variant of Opaserv worm, spreads using shared network drives. Opaserv.K infects only the network shares and it will not spread using e-mail attachments. It contains a destructive payload, when executed it will overwrite all the hard disk sectors.

                     Opaserv.K modifies the registry entries to start automatically. The registry modification will be HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current Version\Run= Mqbkup or qbkupdbs. In case of remote infection, it modifies WIN.INI to load automatically on the next startup.

                     When executed, it searches for Windows folder in the local system and copies to "Mqbkup.exe". The worm also creates the files C:\Boot.exe and C:\Mslicenf.com. The worm uses C:\AUTOEXEC.BAT to load these files automatically. Mslicenf.com is a destructive file. When executed on the next startup, it destroys the hard disk data by overwriting all the starting sectors with its own copy.

Opaserv.K also displays this message:

Illegal Microsoft Windows license detected!
You are in violation of the Digital Millennium Copyright Act!
Your unauthorized license has been revoked.
For more information, please call us at:
1-888-NOPIRACY
If you are outside the USA, please look up the correct contact information
on our website, at:
www.bsa.org
Business Software Alliance
Promoting a safe & legal online world.

                     This worm is also known as Worm/Opaserv.K, W32.Opaserv.M.Worm, WORM_Opaserv.K. Solo detects and removes all Opaserv variants without problem.

How can I protect my system?

                   Solo has incorporated mqbkup.exe in its signature file to protect users from this worm attack. Solo antivirus registered users are already protected from this worm. Make sure that you have installed registered version of Solo Antivirus to protect your system from all virus threats.

How to remove this worm?

                   If you are already infected with this worm, download and install security patches from the link http://www.microsoft.com/technet/security/bulletin/MS00-072.asp . Then run Solo anti-virus and choose Delete option to remove the worm components.

                   Opaserv is a network aware worm. If you are connected with network, you have to remove worm from all the machines connected with network at one stretch to avoid re-infection. Also password protect your C drive share or set the C drive share to read only access. Right click on the C drive in the Windows explorer and password protect your network share. Then edit your C:\Windows\win.ini file and remove the line run=c:\Windows\Mqbkup.exe,c:\Windows\Brasil.exe,c:\Windows\Brasil.pif,
c:\Windows\marco!.scr, c:\windows\scrsvr.exe,c:\windows\instit.bat.

                   Solo antivirus can detect and remove Mqbkup.exe safely. Use the following link to Download 30 day trial version of Solo antivirus to remove viruses from your computer.

                   Solo anti-virus not only scans for all viruses, it contains a unique System Integrity Checker to protect you from New Internet Worms, Backdoors and malicious VB, Java Scripts. It also effectively removes all existing Internet Worms, File viruses, malicious VB, Java scripts, Trojans, Backdoors, boot sector, partition table and macro viruses.

You can purchase Solo antivirus using the link