Do you know what QuantLoader is?
If QuantLoader manages to crawl onto your system, you and your system will be an open book for your attackers. Our researchers inspected this dangerous Trojan program in our internal lab and found that it downloads yet another malware threat in the background, which is capable of lots of malicious operations on your system. These activities include keystroke logging, clipboard monitoring, password grabbing, and making screenshots. Obviously, most of these operations breach your privacy and put your system security at risk. There are a couple of ways for this Trojan to penetrate your system, which you need to know about to be able to avoid similar threats in the future. And, we are here to share with you what we have found out about this Trojan. We advise you to remove QuantLoader after you have finished reading our full report.
As we have mentioned, it is important that you understand how this dangerous threat can infiltrate your system so that you can avoid similar attacks. One of the possibilities is that an Exploit Kit like RIG drops this infection without your noticing it. This can happen when you get redirected to a malicious page armed with RIG. But, for this to work, your browsers or your drivers (Java and Flash) needs to be outdated since such kits can only exploit unpatched security bugs. This is why it is so important that you regularly update all your programs in fact if you do not want to end up having to delete QuantLoader or other infections from your PC.
Another popular way to distribute this dangerous Trojan to your system is via spam campaigns. Cyber criminals like to use this method because hundreds and thousands of potential victims can be reached at the same time. Of course, this spam needs to be convincing enough so that the receiving parties turn into victims. And, unfortunately, these spam e-mails can be very deceptive and make you believe that you are dealing with an urgent matter. This is why so many people decide to click on them to view the content. However, such a spam does not usually contain any specific or useful information about the alleged subject matter. Instead, you are led to believe that you need to see the attached file for details. Viewing this file, of course, means activating this Trojan. So, you will have to delete QuantLoader because of your curiosity.
After you run the downloaded program, it renames itself and makes a copy in your "%APPDATA%" directory. In fact, this Trojan creates an eight-digit code or user ID for you to serve as a folder name. So you will find this program running as "%APPDATA%\[user ID]\svchost.exe," which makes it even harder to identify and detect since several svchost.exe processes may be running if you check your Task Manager. This executable then downloads a dangerous malware, FormBook, which again renames itself and can have a dozen different names with prefixes like "ms, win, igfx, user, help, regsvc, services, chkdsk" as well as extensions like ".exe, .bat, .cmd, .scr" and this may make it a bit difficult for inexperienced users to identify it. This file may be copied to %USERPROFILE%, %APPDATA%, or %TEMP% directory. This malware program can do a lot of damage on your system, including spying on you and the following operations:
- Keystroke logging
- Clipboard monitoring
- HTTP/HTTPS/SPDY/HTTP2 form and network request grabbing
- Browser and email client password grabbing
- Capturing screenshots
- Bot updating
- Downloading and executing files
- Bot removing
- Launching commands via ShellExecute
- Clear browser cookies
- Reboot the system
- Shutdown the system
- Download and unpack ZIP archive
As you can see, this Trojan can cause serious harm by these malicious activities on your system. The longer you keep it on board, the more devastation it may cause you. This is why it is vital that you remove QuantLoader from your PC as soon as possible.
If you want to do a good job at eliminating this dangerous Trojan, you need to delete all the possible Run entries it may have created to autorun with Windows. Then, you can take care of all the files it uses to operate. Please use our instructions below carefully and only if you are experienced enough to edit the registry. Remember the importance of keeping all your programs updated to protect your system from possible cyber attacks. Also, it may be time for you to start employing a reliable malware removal application, such as SpyHunter.
QuantLoader removal from Windows
- Tap Win+R and enter regedit. Press OK.
- Delete the malicious value name (with the location of the malicious executable) file from the following Run keys:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run - Close your editor.
- Tap Win+E.
- Delete "%APPDATA%\Cookiescz7x.cmd" (This file may also have a different name and could be in the %USERPROFILE% or %Temp% folders)
- Scan your download folders (Desktop, Downloads, and %Temp%) and delete all suspicious executable files (e.g., "mfcgn2pl.exe" or "bilonebilo153.exe") you have recently saved.
- Empty your Recycle Bin and reboot your system.
In non-techie terms:
QuantLoader is a Trojan program that can slither onto your computer under the radar and perform its malicious operations without your knowledge. This dangerous infection downloads another malware named FormBook, which can then operate in the background breaching your privacy by spying on you, collecting data (e.g., passwords), and do all kinds of other unfortunate activities. You can infect your system with this threat via spam e-mails, malicious websites, and bad downloaders. This Trojan can autorun with Windows so whenever you restart your computer, it will be there doing its malicious operations in the background. You should act before it is too late. We recommend that you remove QuantLoader from your PC as soon as possible. May be it is time you start using a reliable anti-malware program to automatically protect your computer.