Removal instructions for Quicky Translator

Metallica
Content is republished with permission from Malwarebytes.

What is Quicky Translator?

The Malwarebytes research team has determined that Quicky Translator is adware. These adware applications display advertisements not originating from the sites you are browsing.

How do I know if my computer is affected by Quicky Translator?

You may see this entry in your list of installed programs:

warning4.png

and this proxy in IE under Internet options > Connections > LAN settings > proxy server > Advanced :

warning1.png

and these icons in your taskbar and on your desktop:

icons.png

and these Tech Support Scam pop-ups:

warning2.png

warning3.png


How did Quicky Translator get on my computer?

Adware applications use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove Quicky Translator?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
If your computer or screen is locked up by the pop-ups, reboot into safe mode to run the removal process outlined below.
Choose "Safe Mode with Networking" if you haven't installed or updated Malwarebytes Anti-Malware yet.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.

Is there anything else I need to do to get rid of Quicky Translator?

  • No, Malwarebytes' Anti-Malware removes Quicky Translator completely.

How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this adware application.

As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the Quicky Translator adware. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.

protection1.png


Technical details for experts

You will see these signs in a HijackThis log:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:44445;https=127.0.0.1:44445
O4 - HKCU\..\Run: [QuickyTranslator] C:\Windows\Quicky Translator\Quicky Translator\RavSoft.GoogleTranslator.exe
O23 - Service: JsSetterUtility2 - Unknown owner - C:\Windows\Quicky Translator\Quicky Translator\Setter.exe
You may see these signs in FRST logs:
 () C:\Windows\Quicky Translator\Quicky Translator\RavSoft.GoogleTranslator.exe
 () C:\Windows\Quicky Translator\Quicky Translator\Setter.exe
 HKCU\...\Run: [QuickyTranslator] => C:\Windows\Quicky Translator\Quicky Translator\RavSoft.GoogleTranslator.exe [688128 2015-11-06] ()
 ProxyEnable: [.DEFAULT] => Proxy is enabled.
 ProxyServer: [.DEFAULT] => http=127.0.0.1:44445;https=127.0.0.1:44445
 ProxyEnable: [{USERID}] => Proxy is enabled.
 ProxyServer: [{USERID}] => http=127.0.0.1:44445;https=127.0.0.1:44445
 R2 JsSetterUtility2; C:\Windows\Quicky Translator\Quicky Translator\Setter.exe [15872 2015-10-23] () [File not signed]
 C:\Users\{username}\Desktop\Quicky Translator.lnk
 C:\Windows\Quicky Translator

Quicky Translator 1.00 (HKLM-x32\...\Quicky Translator 1.00) (Version: 1.00 - Quicky Translator)
FirewallRules: [{657177C4-D997-4E3D-9DB6-991C00FAF73F}] => (Allow) C:\Windows\Quicky Translator\Quicky Translator\Setter.exe
FirewallRules: [{2278EC96-69BE-4DDA-BD12-3C040AE5D17A}] => (Allow) C:\Windows\Quicky Translator\Quicky Translator\Setter.exe
FirewallRules: [{A2CAF13A-98DF-4169-BD50-2F455AE00076}] => (Allow) LPort=44445
Alterations made by the installer:
File system details [View: All details] (Selection)
---------------------------------------------------
    In the existing folder C:\Users\{username}\Desktop
       Adds the file Quicky Translator.lnk"="11/11/2015 08:39, 2198 bytes, A
    Adds the folder C:\Windows\Quicky Translator\Quicky Translator
       Adds the file FiddlerCore.dll"="20/09/2013 02:33, 353280 bytes, A
       Adds the file Hopstarter-Soft-Scraps-Button-Refresh.ico"="18/10/2015 18:21, 236022 bytes, A
       Adds the file InstallUtil.InstallLog"="11/11/2015 08:39, 680 bytes, A
       Adds the file Interop.NetFwTypeLib.dll"="06/10/2015 19:26, 19456 bytes, A
       Adds the file quicky.exe"="07/09/2015 21:36, 11417600 bytes, A
       Adds the file RavSoft.GoogleTranslator.exe"="06/11/2015 20:23, 688128 bytes, A
       Adds the file Setter.exe"="24/10/2015 00:48, 15872 bytes, A
       Adds the file Setter.InstallLog"="11/11/2015 08:39, 735 bytes, A
       Adds the file Setter.InstallState"="11/11/2015 08:39, 7466 bytes, A
       Adds the file Uninstall.exe"="11/11/2015 08:39, 334398 bytes, A
       Adds the file Uninstall.ini"="11/11/2015 08:39, 3211 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Setter_RASAPI32]
       "ConsoleTracingMask"="REG_DWORD", -65536
       "EnableConsoleTracing"="REG_DWORD", 0
       "EnableFileTracing"="REG_DWORD", 0
       "FileDirectory"="REG_EXPAND_SZ, "%windir%\tracing"
       "FileTracingMask"="REG_DWORD", -65536
       "MaxFileSize"="REG_DWORD", 1048576
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Setter_RASMANCS]
       "ConsoleTracingMask"="REG_DWORD", -65536
       "EnableConsoleTracing"="REG_DWORD", 0
       "EnableFileTracing"="REG_DWORD", 0
       "FileDirectory"="REG_EXPAND_SZ, "%windir%\tracing"
       "FileTracingMask"="REG_DWORD", -65536
       "MaxFileSize"="REG_DWORD", 1048576
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Quicky Translator 1.00]
       "DisplayIcon"="REG_SZ", "C:\Windows\Quicky Translator\Quicky Translator\Uninstall.exe"
       "DisplayName"="REG_SZ", "Quicky Translator 1.00"
       "DisplayVersion"="REG_SZ", "1.00"
       "EstimatedSize"="REG_DWORD", 12758
       "InstallDate"="REG_SZ", "20151111"
       "InstallLocation"="REG_SZ", "C:\Windows\Quicky Translator\Quicky Translator\"
       "InstallSource"="REG_SZ", "C:\Users\{username}\Desktop\"
       "Language"="REG_DWORD", 1033
       "NoModify"="REG_DWORD", 1
       "NoRepair"="REG_DWORD", 1
       "Publisher"="REG_SZ", "Quicky Translator"
       "UninstallString"="REG_SZ", "C:\Windows\Quicky Translator\Quicky Translator\Uninstall.exe"
       "VersionMajor"="REG_DWORD", 1
       "VersionMinor"="REG_DWORD", 0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\JsSetterUtility2]
       "DelayedAutostart"="REG_DWORD", 0
       "ErrorControl"="REG_DWORD", 1
       "ImagePath"="REG_EXPAND_SZ, ""C:\Windows\Quicky Translator\Quicky Translator\Setter.exe""
       "ObjectName"="REG_SZ", "LocalSystem"
       "Start"="REG_DWORD", 2
       "Type"="REG_DWORD", 16
       "WOW64"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
       "{2278EC96-69BE-4DDA-BD12-3C040AE5D17A}"="REG_SZ", "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Windows\Quicky Translator\Quicky Translator\Setter.exe|Name=Setter|"
       "{657177C4-D997-4E3D-9DB6-991C00FAF73F}"="REG_SZ", "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Windows\Quicky Translator\Quicky Translator\Setter.exe|Name=Setter|"
       "{A2CAF13A-98DF-4169-BD50-2F455AE00076}"="REG_SZ", "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=44445|Name=SetterPort44445|"
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
       "ProxyEnable"=REG_DWORD, 1
       "ProxyOverride"="REG_SZ", "<-loopback>"
       "ProxyServer"="REG_SZ", "http=127.0.0.1:44445;https=127.0.0.1:44445"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
       "ProxyEnable"=REG_DWORD, 1
       "ProxyServer"="REG_SZ", "http=127.0.0.1:44445;https=127.0.0.1:44445"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
       "QuickyTranslator"="REG_SZ", "C:\Windows\Quicky Translator\Quicky Translator\RavSoft.GoogleTranslator.exe"
Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/11/2015
Scan Time: 09:02
Logfile: mbamQuickyTranslator.txt
Administrator: Yes

Version: 2.2.0.1020
Malware Database: v2015.11.11.02
Rootkit Database: v2015.11.04.02
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 307657
Time Elapsed: 4 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
PUP.Optional.QuickyTranslator.PrxySvrRST, C:\Windows\Quicky Translator\Quicky Translator\Setter.exe, 3764, Delete-on-Reboot, [56680b716e1dea4cc0477f5831d2f60a]
PUP.Optional.QuickyTranslator.PrxySvrRST, C:\Windows\Quicky Translator\Quicky Translator\RavSoft.GoogleTranslator.exe, 2984, Delete-on-Reboot, [893593e986053ff763a2edea956e956b]

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.QuickyTranslator.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Quicky Translator 1.00, Quarantined, [3886f08c29627bbb96703b9c71922bd5], 
PUP.Optional.QuickyTranslator.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\JSSETTERUTILITY2, Quarantined, [56680b716e1dea4cc0477f5831d2f60a], 

Registry Values: 2
PUP.Optional.QuickyTranslator.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\JsSetterUtility2|ImagePath, "C:\Windows\Quicky Translator\Quicky Translator\Setter.exe", Quarantined, [56680b716e1dea4cc0477f5831d2f60a]
PUP.Optional.QuickyTranslator.PrxySvrRST, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|QuickyTranslator, C:\Windows\Quicky Translator\Quicky Translator\RavSoft.GoogleTranslator.exe, Quarantined, [893593e986053ff763a2edea956e956b]

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.QuickyTranslator.PrxySvrRST, C:\Windows\Quicky Translator, Delete-on-Reboot, [dee0344879128caa791788f932d0e41c], 
PUP.Optional.QuickyTranslator.PrxySvrRST, C:\Windows\Quicky Translator\Quicky Translator, Delete-on-Reboot, [dee0344879128caa791788f932d0e41c], 

Files: 13
PUP.Optional.QuickyTranslator.PrxySvrRST, C:\Users\{username}\Desktop\Quicky Translator.exe, Quarantined, [6b539be1b7d4d363965ffb4dd927df21], 
PUP.Optional.QuickyTranslator.PrxySvrRST, C:\Users\{username}\Desktop\Quicky Translator.lnk, Quarantined, [6856b7c5236855e10ff55384bc4737c9], 
PUP.Optional.QuickyTranslator.PrxySvrRST, C:\Windows\Quicky Translator\Quicky Translator\Setter.exe, Delete-on-Reboot, [56680b716e1dea4cc0477f5831d2f60a], 
PUP.Optional.QuickyTranslator.PrxySvrRST, C:\Windows\Quicky Translator\Quicky Translator\RavSoft.GoogleTranslator.exe, Delete-on-Reboot, [893593e986053ff763a2edea956e956b], 
PUP.Optional.QuickyTranslator.PrxySvrRST, C:\Windows\Quicky Translator\Quicky Translator\FiddlerCore.dll, Delete-on-Reboot, [dee0344879128caa791788f932d0e41c], 
PUP.Optional.QuickyTranslator.PrxySvrRST, C:\Windows\Quicky Translator\Quicky Translator\Hopstarter-Soft-Scraps-Button-Refresh.ico, Quarantined, [dee0344879128caa791788f932d0e41c], 
PUP.Optional.QuickyTranslator.PrxySvrRST, C:\Windows\Quicky Translator\Quicky Translator\InstallUtil.InstallLog, Quarantined, [dee0344879128caa791788f932d0e41c], 
PUP.Optional.QuickyTranslator.PrxySvrRST, C:\Windows\Quicky Translator\Quicky Translator\Interop.NetFwTypeLib.dll, Quarantined, [dee0344879128caa791788f932d0e41c], 
PUP.Optional.QuickyTranslator.PrxySvrRST, C:\Windows\Quicky Translator\Quicky Translator\quicky.exe, Quarantined, [dee0344879128caa791788f932d0e41c], 
PUP.Optional.QuickyTranslator.PrxySvrRST, C:\Windows\Quicky Translator\Quicky Translator\Setter.InstallLog, Quarantined, [dee0344879128caa791788f932d0e41c], 
PUP.Optional.QuickyTranslator.PrxySvrRST, C:\Windows\Quicky Translator\Quicky Translator\Setter.InstallState, Quarantined, [dee0344879128caa791788f932d0e41c], 
PUP.Optional.QuickyTranslator.PrxySvrRST, C:\Windows\Quicky Translator\Quicky Translator\Uninstall.exe, Quarantined, [dee0344879128caa791788f932d0e41c], 
PUP.Optional.QuickyTranslator.PrxySvrRST, C:\Windows\Quicky Translator\Quicky Translator\Uninstall.ini, Quarantined, [dee0344879128caa791788f932d0e41c], 

Physical Sectors: 0
(No malicious items detected)


(end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
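
The ProxyServer value and the FirewallRules entries listed under "Technical details for experts" can be checked together: a proxy that points at the local machine, plus an inbound allow rule for the same port, is the pattern this adware leaves behind. The Python below is an added example, not part of the original guide or of any Malwarebytes tool; the function names are illustrative, the sample values are copied from the registry details above, and it assumes a single LPort field per rule, as in those entries.

```python
import ipaddress

def parse_proxy_server(value):
    """Split a WinINET ProxyServer string into {scheme: (host, port)}."""
    proxies = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, endpoint = part.partition("=")
        if not sep:                      # bare "host:port" applies to every scheme
            scheme, endpoint = "all", part
        endpoint = endpoint.split("://", 1)[-1]   # tolerate "http://host:port"
        host, _, port = endpoint.rpartition(":")
        if host and port.isdigit():
            proxies[scheme.lower()] = (host, int(port))
    return proxies

def parse_firewall_rule(value):
    """Turn 'v2.10|Action=Allow|Dir=In|...' into a dict of its fields."""
    fields = (f.partition("=") for f in value.split("|") if "=" in f)
    return {key: val for key, _, val in fields}

def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:                   # an ordinary hostname, not an IP literal
        return False

def find_local_proxy_hijack(proxy_server, firewall_rules):
    """Report loopback proxies and the inbound allow rules opened for their port."""
    findings = []
    rules = [parse_firewall_rule(r) for r in firewall_rules]
    for scheme, (host, port) in sorted(parse_proxy_server(proxy_server).items()):
        if is_loopback(host):
            opened_by = [r.get("Name", "") for r in rules
                         if r.get("Action") == "Allow" and r.get("Dir") == "In"
                         and r.get("LPort") == str(port)]
            findings.append({"scheme": scheme, "port": port, "firewall_rules": opened_by})
    return findings

# Sample values copied from the registry details on this page.
PROXY = "http=127.0.0.1:44445;https=127.0.0.1:44445"
RULES = [
    r"v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Windows\Quicky Translator\Quicky Translator\Setter.exe|Name=Setter|",
    "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=44445|Name=SetterPort44445|",
]

if __name__ == "__main__":
    print(find_local_proxy_hijack(PROXY, RULES))
```

A loopback proxy is not malicious by itself, since debugging proxies and some security products set one too; a finding here is a prompt to identify the process listening on that port.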