What is Quicky Translator?
The Malwarebytes research team has determined that Quicky Translator is adware. These adware applications display advertisements not originating from the sites you are browsing.
How do I know if my computer is affected by Quicky Translator?
You may see this entry in your list of installed programs:
and this proxy in IE under Internet options > Connections > LAN settings > proxy server > Advanced :
and these icons in your taskbar and on your desktop:
and these Tech Support Scam pop-ups:
How did Quicky Translator get on my computer?
Adware applications use different methods for distributing themselves. This particular one was bundled with other software.
How do I remove Quicky Translator?
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
If your computer or screen is locked up by the pop-ups, reboot into safe mode to run the removal process outlined below.
Choose "Safe Mode with Networking" if you haven't installed or updated Malwarebytes Anti-Malware yet.
- Please download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup-version.exe and follow the prompts to install the program.
- At the end, be sure a check-mark is placed next to the following:
  - Enable free trial of Malwarebytes Anti-Malware Premium
  - Launch Malwarebytes Anti-Malware
- Then click Finish.
- If an update is found, you will be prompted to download and install the latest version.
- Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
- When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
- Reboot your computer if prompted.
- No, Malwarebytes' Anti-Malware removes Quicky Translator completely.
We hope our application and this guide have helped you eradicate this adware application.
As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Quicky Translator adware. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.
Technical details for experts
You will see these signs in a HijackThis log:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:44445;https=127.0.0.1:44445
O4 - HKCU\..\Run: [QuickyTranslator] C:\Windows\Quicky Translator\Quicky Translator\RavSoft.GoogleTranslator.exe
O23 - Service: JsSetterUtility2 - Unknown owner - C:\Windows\Quicky Translator\Quicky Translator\Setter.exe
You may see these signs in FRST logs:
() C:\Windows\Quicky Translator\Quicky Translator\RavSoft.GoogleTranslator.exe
() C:\Windows\Quicky Translator\Quicky Translator\Setter.exe
HKCU\...\Run: [QuickyTranslator] => C:\Windows\Quicky Translator\Quicky Translator\RavSoft.GoogleTranslator.exe [688128 2015-11-06] ()
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:44445;https=127.0.0.1:44445
ProxyEnable: [{USERID}] => Proxy is enabled.
ProxyServer: [{USERID}] => http=127.0.0.1:44445;https=127.0.0.1:44445
R2 JsSetterUtility2; C:\Windows\Quicky Translator\Quicky Translator\Setter.exe [15872 2015-10-23] () [File not signed]
C:\Users\{username}\Desktop\Quicky Translator.lnk
C:\Windows\Quicky Translator
Quicky Translator 1.00 (HKLM-x32\...\Quicky Translator 1.00) (Version: 1.00 - Quicky Translator)
FirewallRules: [{657177C4-D997-4E3D-9DB6-991C00FAF73F}] => (Allow) C:\Windows\Quicky Translator\Quicky Translator\Setter.exe
FirewallRules: [{2278EC96-69BE-4DDA-BD12-3C040AE5D17A}] => (Allow) C:\Windows\Quicky Translator\Quicky Translator\Setter.exe
FirewallRules: [{A2CAF13A-98DF-4169-BD50-2F455AE00076}] => (Allow) LPort=44445
Alterations made by the installer:
File system details [View: All details] (Selection)
---------------------------------------------------
In the existing folder C:\Users\{username}\Desktop
Adds the file Quicky Translator.lnk"="11/11/2015 08:39, 2198 bytes, A
Adds the folder C:\Windows\Quicky Translator\Quicky Translator
Adds the file FiddlerCore.dll"="20/09/2013 02:33, 353280 bytes, A
Adds the file Hopstarter-Soft-Scraps-Button-Refresh.ico"="18/10/2015 18:21, 236022 bytes, A
Adds the file InstallUtil.InstallLog"="11/11/2015 08:39, 680 bytes, A
Adds the file Interop.NetFwTypeLib.dll"="06/10/2015 19:26, 19456 bytes, A
Adds the file quicky.exe"="07/09/2015 21:36, 11417600 bytes, A
Adds the file RavSoft.GoogleTranslator.exe"="06/11/2015 20:23, 688128 bytes, A
Adds the file Setter.exe"="24/10/2015 00:48, 15872 bytes, A
Adds the file Setter.InstallLog"="11/11/2015 08:39, 735 bytes, A
Adds the file Setter.InstallState"="11/11/2015 08:39, 7466 bytes, A
Adds the file Uninstall.exe"="11/11/2015 08:39, 334398 bytes, A
Adds the file Uninstall.ini"="11/11/2015 08:39, 3211 bytes, A
Registry details [View: All details] (Selection)
------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Setter_RASAPI32]
"ConsoleTracingMask"="REG_DWORD", -65536
"EnableConsoleTracing"="REG_DWORD", 0
"EnableFileTracing"="REG_DWORD", 0
"FileDirectory"="REG_EXPAND_SZ, "%windir%\tracing"
"FileTracingMask"="REG_DWORD", -65536
"MaxFileSize"="REG_DWORD", 1048576
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Setter_RASMANCS]
"ConsoleTracingMask"="REG_DWORD", -65536
"EnableConsoleTracing"="REG_DWORD", 0
"EnableFileTracing"="REG_DWORD", 0
"FileDirectory"="REG_EXPAND_SZ, "%windir%\tracing"
"FileTracingMask"="REG_DWORD", -65536
"MaxFileSize"="REG_DWORD", 1048576
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Quicky Translator 1.00]
"DisplayIcon"="REG_SZ", "C:\Windows\Quicky Translator\Quicky Translator\Uninstall.exe"
"DisplayName"="REG_SZ", "Quicky Translator 1.00"
"DisplayVersion"="REG_SZ", "1.00"
"EstimatedSize"="REG_DWORD", 12758
"InstallDate"="REG_SZ", "20151111"
"InstallLocation"="REG_SZ", "C:\Windows\Quicky Translator\Quicky Translator\"
"InstallSource"="REG_SZ", "C:\Users\{username}\Desktop\"
"Language"="REG_DWORD", 1033
"NoModify"="REG_DWORD", 1
"NoRepair"="REG_DWORD", 1
"Publisher"="REG_SZ", "Quicky Translator"
"UninstallString"="REG_SZ", "C:\Windows\Quicky Translator\Quicky Translator\Uninstall.exe"
"VersionMajor"="REG_DWORD", 1
"VersionMinor"="REG_DWORD", 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\JsSetterUtility2]
"DelayedAutostart"="REG_DWORD", 0
"ErrorControl"="REG_DWORD", 1
"ImagePath"="REG_EXPAND_SZ, ""C:\Windows\Quicky Translator\Quicky Translator\Setter.exe""
"ObjectName"="REG_SZ", "LocalSystem"
"Start"="REG_DWORD", 2
"Type"="REG_DWORD", 16
"WOW64"="REG_DWORD", 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2278EC96-69BE-4DDA-BD12-3C040AE5D17A}"="REG_SZ", "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Windows\Quicky Translator\Quicky Translator\Setter.exe|Name=Setter|"
"{657177C4-D997-4E3D-9DB6-991C00FAF73F}"="REG_SZ", "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Windows\Quicky Translator\Quicky Translator\Setter.exe|Name=Setter|"
"{A2CAF13A-98DF-4169-BD50-2F455AE00076}"="REG_SZ", "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=44445|Name=SetterPort44445|"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=REG_DWORD, 1
"ProxyOverride"="REG_SZ", "<-loopback>"
"ProxyServer"="REG_SZ", "http=127.0.0.1:44445;https=127.0.0.1:44445"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=REG_DWORD, 1
"ProxyServer"="REG_SZ", "http=127.0.0.1:44445;https=127.0.0.1:44445"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickyTranslator"="REG_SZ", "C:\Windows\Quicky Translator\Quicky Translator\RavSoft.GoogleTranslator.exe"
Malwarebytes Anti-Malware log:
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention
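The FRST excerpt under the technical details shows three signs that belong together: a ProxyServer value pointing at loopback, an inbound firewall allow rule for the same port, and an unsigned service. The Python sketch below correlates them; it is an added example, not part of the original guide or of any Malwarebytes or FRST tooling. The sample lines are copied from that excerpt (one entry per line) except the constructed `proxy.corp.example` line, and the function names are hypothetical.

```python
import ipaddress
import re

# Lines copied from the FRST excerpt on this page (one entry per line), plus
# one constructed corporate-proxy line to show what is not flagged.
SAMPLE_FRST = r"""
ProxyServer: [.DEFAULT] => http=127.0.0.1:44445;https=127.0.0.1:44445
ProxyServer: [{USERID}] => http=127.0.0.1:44445;https=127.0.0.1:44445
ProxyServer: [S-1-5-21-constructed] => proxy.corp.example:8080
R2 JsSetterUtility2; C:\Windows\Quicky Translator\Quicky Translator\Setter.exe [15872 2015-10-23] () [File not signed]
FirewallRules: [{A2CAF13A-98DF-4169-BD50-2F455AE00076}] => (Allow) LPort=44445
"""

PROXY_RE = re.compile(r"^ProxyServer: \[(?P<hive>[^\]]+)\] => (?P<value>.+)$")
FW_PORT_RE = re.compile(r"^FirewallRules: \[[^\]]+\] => \(Allow\) LPort=(?P<port>\d+)")
SERVICE_RE = re.compile(r"^[RSU]\d (?P<name>[^;]+); (?P<path>.+?\.exe)\b.*\[File not signed\]")

def is_loopback(host):
    host = host.strip("[]")            # allow a bracketed IPv6 literal
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                   # any other hostname

def loopback_proxies(value):
    """Yield (scheme, port) for each ProxyServer entry that points at loopback."""
    for entry in value.split(";"):
        scheme, _, target = entry.rpartition("=")  # "http=host:port" or "host:port"
        host, _, port = target.rpartition(":")
        if port.isdigit() and is_loopback(host):
            yield scheme or "all", int(port)

def triage(log_text):
    """Correlate loopback proxies with firewall ports and unsigned services."""
    hijacks, fw_ports, unsigned = [], set(), []
    for line in (l.strip() for l in log_text.splitlines()):
        if m := PROXY_RE.match(line):
            hijacks += [(m["hive"], s, p) for s, p in loopback_proxies(m["value"])]
        elif m := FW_PORT_RE.match(line):
            fw_ports.add(int(m["port"]))
        elif m := SERVICE_RE.match(line):
            unsigned.append((m["name"], m["path"]))
    return {"loopback_proxies": hijacks,
            "ports_also_opened_in_firewall": sorted({p for _, _, p in hijacks} & fw_ports),
            "unsigned_services": unsigned}

if __name__ == "__main__":
    print(triage(SAMPLE_FRST))
```

A loopback ProxyServer on its own is also set by legitimate debugging proxies; it is the combination with an unsigned service and an inbound allow rule on the same port that makes the pattern worth a closer look.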