Qvo6 Hijacker

Posted: March 29, 2013

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Ranking:	7,169
Threat Level:	5/10
Infected PCs:	36,396

First Seen:	March 29, 2013
Last Seen:	October 9, 2023
OS(es) Affected:	Windows

The Qvo6 hijacker is a browser hijacker that's promoted by Qvo6.com as a useful search-enhancing utility, even though Qvo6's real search-related features appear to be limited to redirecting PC users to popular search engines like Google. Installation methods for the Qvo6 hijacker appear to include many non-consensual methods, and although Qvo6.com does provide uninstallation instructions, these instructions may not remove all of the components of any particular Qvo6 hijacker. As a standard precaution against Qvo6 hijacker infections, malware researchers recommend using anti-malware programs to analyze and disinfect your PC whenever your browser redirects to Qvo6.com repeatedly – the defining symptom of all Qvo6 hijackers.

From Search Engine to Search Engine with Nary a Choice in the Matter

The Qvo6 hijacker is one of a virtually innumerable horde of browser hijackers that are used to promote obscure search engine websites. Unlike some search sites promoted thusly, SpywareRemove.com malware research team has found zero indications of Qvo6.com attempting serious attacks against your machine, such as drive-by-downloads or the promotion of fake PC security products. However, a browser hijacker promoting Qvo6.com does pose a problem, which affects all prominent browsers from Microsoft's Internet Explorer to Google's Chrome. Regardless of the browser that's being hijacked, the result always is the same: you're being redirected to Qvo6.com without your permission. Qvo6 may add the argument http://www.qvo6.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=&ts= to different web browser shortcuts and other non-internet applications. This may cause Qvo6 to open up when another hijacked shortcuts are accessed on an infected computer. Qvo6 may also be connected to other third-party applications like the Certified Toolbar on various web browsers.

For its half of the deal, Qvo6.com does not appear to have any functions besides redirecting would-be searchers to Google and similar search engines. Qvo6 hijackers tend to be installed without your permission and may be included in software bundles distributed through torrent-based networks and/or freeware websites. In some cases, you may be notified of a Qvo6 hijacker's installation and be allowed to refuse it, but such courtesies are far from universal. Many victims of Qvo6 hijacker attacks appear only to be aware of a Qvo6 hijacker's presence after their browser redirects to Qvo6.com, which, as mentioned beforehand, SpywareRemove.com malware experts don't consider to be a major danger to your computer. Qvo6 and the Qvo6.com generic search engine have been tied to PortaldoSites.com as being the publishing company.

Re-Railing Your Browser Towards Your Favorite Search Sites without the Qvo6 Hijacker Muddling the Matter

While Qvo6.com includes uninstallation instructions for removing its Qvo6 hijacker, SpywareRemove.com malware analysts don't recommend that you avail yourself of them; the majority of browser hijackers will leave setting changes and other components behind even after they're removed by the usual methods. However, appropriate anti-malware products can be a more surefire option for deleting a Qvo6 hijacker without leaving any unwanted files or settings on your PC after the fact. The Qvo6 hijacker, as stated earlier, isn't likely to expose you to hostile content. However, PC threats that install the Qvo6 hijacker also may install other forms of malware. Combating this risk is done most easily via qualified anti-malware programs that can detect any relevant PC threats in a thorough scan.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%TEMP%\eIntaller\85711E23AE47427bAAA87EB7BBA4EBE9\eXQ.exe

File name: eXQ.exe
Size: 460.34 KB (460344 bytes)
MD5: edcd457e9a88012c97f3946ac14993f8
Detection count: 103
File type: Executable File
Mime Type: unknown/exe
Path: %TEMP%\eIntaller\85711E23AE47427bAAA87EB7BBA4EBE9
Group: Malware file
Last Updated: September 17, 2013

adks_ar_qvo6.exe

File name: adks_ar_qvo6.exe
Size: 489.55 KB (489552 bytes)
MD5: 4e6273221edf7559c439d35fe9eac94e
Detection count: 99
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: September 23, 2013

amt_ar_qvo6.exe

File name: amt_ar_qvo6.exe
Size: 93.77 KB (93776 bytes)
MD5: 3f580a0c95f82e4d126483c121055b98
Detection count: 97
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: April 2, 2013

qvo6.exe

File name: qvo6.exe
Size: 543.23 KB (543232 bytes)
MD5: a4c227701f45a8b12d5f92b8607b8d89
Detection count: 58
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: October 8, 2013

%TEMP%\eIntaller\BCA018E31ACD433795EE1854C270BC08\DProtect.exe

File name: DProtect.exe
Size: 1.42 MB (1423936 bytes)
MD5: acc378147807fd12136cfbde2f81af02
Detection count: 43
File type: Executable File
Mime Type: unknown/exe
Path: %TEMP%\eIntaller\BCA018E31ACD433795EE1854C270BC08
Group: Malware file
Last Updated: September 17, 2013

Registry Modifications

The following newly produced Registry Values are:

CLSID{27588682-6FCC-4061-B2BB-7176E03359B8}{2EEFF6A3-9828-48F2-A7BF-1A5365D7DA32}HKEY..\..\{CLSID Path}HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}File name without pathqvo6.lnkRegexp file mask%APPDATA%\qvo6.exe%PROGRAMFILES%\Mozilla Firefox\browser\searchplugins\qvo6.xml%PROGRAMFILES%\Mozilla Firefox\searchplugins\qvo6.xml%PROGRAMFILES(x86)%\Mozilla Firefox\browser\searchplugins\qvo6.xml%PROGRAMFILES(x86)%\Mozilla Firefox\searchplugins\qvo6.xmlHKEY..\..\{Value}HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Default_Page_URL" = "http://www.qvo6.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=sg9ad64b62-231b0130&ts=1370975758"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} "DisplayName" = "qvo6"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} "URL" = "http://search.qvo6.com/web/?utm_source=b&utm_medium=mlv&from=mlv&uid=sg9ad64b62-231b0130&ts=0"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} "DisplayName" = "qvo6"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} "URL" = "http://search.qvo6.com/web/?utm_source=b&utm_medium=mlv&from=mlv&uid=sg9ad64b62-231b0130&ts=0"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Start Page" = "http://www.qvo6.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=sg9ad64b62-231b0130&ts=1370975758"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes "DefaultScope"" = "{33BB0A4E-99AF-4226-BDF6-49120163DE86}"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "C:\Program Files\Mozilla Firefox\firefox.exe http://www.qvo6.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=sg9ad64b62-231b0130&ts=1370975758"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=sg9ad64b62-231b0130&ts=1370975758"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Opera\shell\open\command "(Default)" = ""C:\Program Files\Opera\Opera.exe" http://www.qvo6.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=sg9ad64b62-231b0130&ts=1370975758"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Opera.exe\shell\open\command "(Default)" = ""C:\Program Files\Opera\Opera.exe" http://www.qvo6.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=sg9ad64b62-231b0130&ts=1370975758"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Safari.exe\shell\open\command "(Default)" = ""C:\Program Files\Safari\Safari.exe" http://www.qvo6.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=sg9ad64b62-231b0130&ts=1370975758"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\SEAMONKEY.EXE\shell\open\command "(Default)" = "C:\Program Files\SeaMonkey\seamonkey.exe http://www.qvo6.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=sg9ad64b62-231b0130&ts=1370975758"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main "Default_Page_URL" = "http://www.qvo6.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=sg9ad64b62-231b0130&ts=1370975758"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main "Start Page" = "http://www.qvo6.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=sg9ad64b62-231b0130&ts=1370975758"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search "CustomizeSearch" = "http://search.qvo6.com/web/?utm_source=b&utm_medium=mlv&from=mlv&uid=sg9ad64b62-231b0130&ts=0"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search "SearchAssistant" = "http://search.qvo6.com/web/?utm_source=b&utm_medium=mlv&from=mlv&uid=sg9ad64b62-231b0130&ts=0"HKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATIONHKEY_LOCAL_MACHINE\SOFTWARE\qvo6SoftwareHKEY..\..\..\..{RegistryKeys}Software\Microsoft\Internet Explorer\DOMStorage\qvo6.comSOFTWARE\Microsoft\Tracing\qvo6i_RASAPI32SOFTWARE\Microsoft\Tracing\qvo6i_RASMANCSSOFTWARE\Microsoft\Tracing\wpc_ar_2013829113027_qvo6_RASAPI32SOFTWARE\Microsoft\Tracing\wpc_ar_2013829113027_qvo6_RASMANCSSOFTWARE\qvo6SoftwareSOFTWARE\Wow6432Node\Microsoft\Tracing\Qvo6_RASAPI32SOFTWARE\Wow6432Node\Microsoft\Tracing\Qvo6_RASMANCSSOFTWARE\Wow6432Node\Microsoft\Tracing\qvo6i_RASAPI32SOFTWARE\Wow6432Node\Microsoft\Tracing\qvo6i_RASMANCSSOFTWARE\Wow6432Node\Microsoft\Tracing\TrayDownloader_RASAPI32SOFTWARE\Wow6432Node\Microsoft\Tracing\TrayDownloader_RASMANCSSOFTWARE\Wow6432Node\Microsoft\Tracing\wpc_ar_2013829113027_qvo6_RASAPI32SOFTWARE\Wow6432Node\Microsoft\Tracing\wpc_ar_2013829113027_qvo6_RASMANCSSOFTWARE\Wow6432Node\qvo6SoftwareHKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}qvo6 Browser Protecter

Additional Information

The following URL's were detected:

http://qvo6.com/web?q=

4 Comments

anne-mette says:

May 9, 2013 at 11:10 am

Det Qvo6.com Blokker min hotmail side spå jeg ikke kommer inn kan dere ta vekk Qvo6.com.
Dag Arnfinn Moan says:

May 11, 2013 at 1:03 pm

is up when I open up internet explorer
lecomte alain says:

February 1, 2014 at 2:02 pm

and about awesomehp virus ??? does your system work ???
Gus says:

February 27, 2015 at 1:09 pm

Is probleem van blokkering door checkadultcontent.com bekend?
Zoja, wat is er tegen te doen.