This new backdoor Trojan allows hackers to access and control an infected system. TROJ_QAZ was initially distributed as "Notepad.exe" but might also appear with different filenames. Once an infected file is executed, TROJ_QAZ modifies the Windows registry so that it becomes active every time Windows is started. TROJ_QAZ also renames the original "notepad.exe" file to "note.com" and then copies itself as "notepad.exe" to the Windows folder. This way, the Trojan is also launched every time a user runs Notepad. TROJ_QAZ also attempts to spread itself to other shared drives on local networks. This Trojan does not mass email itself out to lists in the users address book however.

How to Clean/Delete the QAZ trojan?

The registry needs to edited to delete this Trojan

1. Click START, RUN
   Type REGEDIT and hit ENTER key
2. In the left panel, click the "+" to the left of the following:
   HKEY_LOCAL_MACHINE
   Software
   Microsoft
   Windows
   CurrentVersion
   Run
3. In the right panel, search for any of the registry key that contains the data value of startIE=XXXX\Notepad.exe.
4. In the right window, highlight the registry key that loads the file and press the DELETE key. Answer YES to delete the entry.
   Exit the registry.
   Click START,SHUTDOWN. Choose "Restart" and click OK.
5. Use the Find Tool under the Start Menu to find and rename Note.com to Notepad.exe.