QuantLoader

What is QuantLoader?

QuantLoader is a dangerous Trojan infection that can infiltrate your system without your knowledge or permission and, among other damaging operations, download other dangerous malware programs in the background. Our malware experts at anti-spyware-101.com say that this Trojan can take control of your computer and perform several dangerous actions on your system, including logging your keystrokes, capturing screenshots, grabbing passwords, and shutting down your system. Since this malicious program can autostart with Windows, it will be operating in the background, without your noticing it, every time you switch on your PC. Before long, this Trojan can cause a lot of damage to you, not to mention the privacy breaches. We believe that you must remove QuantLoader immediately from your computer to put an end to this severe threat.

Where does QuantLoader come from?

There are a couple of ways for you to let this beast on board. One of these is visiting suspicious websites that can drop this Trojan program either when the page simply loads or when you click on third-party content there. You may have heard of Exploit Kits. The cyber crooks behind this serious threat may, for example, use the RIG kit to infect you with this malware. For this to happen, these criminals need to set up a webpage with this Exploit Kit and redirect you there, either when you click on corrupt third-party ads or by exposing you to such ads via adware infections on your system. Such a redirection is very dangerous because the malicious page only needs to load in your browser, and if the browser is not updated or your browser plug-ins (Flash and Java) are not updated, it can drop this infection behind your back and you would not even know it. It does not even matter if you realize that you have landed on a suspicious site and close the browser window right away. This will not stop or delete QuantLoader from your computer.

It is also possible that you receive a spam e-mail that contains this Trojan, probably as an attachment. Once you click to open this attached file, your system will be doomed. Nowadays, spam mails can be very deceptive and may even look like totally legitimate ones with an important issue to share with you, including an unpaid invoice, a "must-see" video, a problem with your bank account, and so on. You need to be more cautious around your mails and should not open any doubtful ones or their attachments. Yet another way for this Trojan to appear on your system is when you click on shady pop-up downloaders that claim that you need to update your Flash plug-in or other software. Stick with official websites when downloading updates and new applications. But right now, you should delete QuantLoader and run a proper malware scanner to identify all other threats, too.

How does QuantLoader work?

Having this Trojan infection on board can cause a lot of system security and privacy issues for you. This infection can operate in the background and you may not even notice it for a long time. After execution, this Trojan copies itself to "%APPDATA%\[user ID]\svchost.exe". This "user ID" is an eight-digit unique ID generated for the victim. It also creates at least one Run registry key (e.g., "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Qt") to autostart with Windows. Once set up, it downloads a malware called FormBook in the background.

When this malware executes itself, it copies itself to "%USERPROFILE%" under a new name like "mfcgn2pl.exe", but our research also shows that this file name can have other prefixes, too, such as ms, mfc, win, vga, help, config, update, systray, and Cookies. This malicious executable can also have one of several extensions, including .exe, .com, .pif, .cmd, and .bat.

Here is a list of what this malware is capable of:

  • Keystroke logging
  • Clipboard monitoring
  • HTTP/HTTPS/SPDY/HTTP2 form and network request grabbing
  • Browser and email client password grabbing
  • Capturing screenshots
  • Bot updating
  • Downloading and executing files
  • Bot removing
  • Launching commands via ShellExecute
  • Clearing browser cookies
  • Rebooting the system
  • Shutting down the system
  • Downloading and unpacking ZIP archives

As you can imagine by now, this Trojan can cause a lot of harm to you and keeping it on board could have serious consequences for you. This is why we urge you to remove QuantLoader immediately.

How do I delete QuantLoader?

If you are ready to act, here is what we suggest you do. First of all, you need to delete all related files from your system. Then, you need to remove the Run registry entries. However, in order for you to be able to do this, you need to identify the right value names. We do not advise you to edit the Windows Registry unless you know exactly what you are doing since you might cause more serious issues by deleting the wrong keys. Please use our guide below at your own risk. If you want to defend your PC against such dangerous threats, you can always download and install a reliable anti-malware program like SpyHunter.

Remove QuantLoader from Windows

  1. Press Win+E to launch File Explorer.
  2. Locate and delete "%APPDATA%\Cookiescz7x.cmd".
  3. Check your default and preferred save folders (Desktop, Downloads, and %Temp%) for suspicious .exe files like "mfcgn2pl.exe" or "bilonebilo153.exe" and delete them all.
  4. Empty your Recycle Bin.
  5. Press Win+R and type regedit. Hit the Enter key.
  6. Delete the malicious Run registry value name that points to the location of the malicious .exe file in the following keys:
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  7. Exit the editor.
  8. Restart your computer.
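
Step 6 depends on identifying which Run values are malicious. The following is an added example, not part of the original guide: a Python triage function that flags Run entries matching the file locations and name patterns described above. The sample entries, the value names other than "Qt", the eight-digit ID, and the assumption that the random part of the file name is alphanumeric are constructed for illustration.

```python
import re
import ntpath  # applies Windows path rules on any host OS

# Indicators taken from the article text above.
PREFIXES = ("ms", "mfc", "win", "vga", "help", "config", "update", "systray", "cookies")
EXTENSIONS = (".exe", ".com", ".pif", ".cmd", ".bat")
# %APPDATA%\<eight digits>\svchost.exe, with the variable expanded or not.
LOADER_COPY = re.compile(r"(?:%appdata%|\\appdata\\roaming)\\\d{8}\\svchost\.exe$", re.I)
# Paths inside a user profile rather than a system directory.
USER_WRITABLE = re.compile(r"^(?:%userprofile%|%appdata%|[a-z]:\\users\\)", re.I)
# Assumption: the random part after the prefix is letters/digits ("mfcgn2pl", "Cookiescz7x").
DROPPED_NAME = re.compile(r"^(?:%s)[a-z0-9]+$" % "|".join(PREFIXES), re.I)


def command_path(data):
    """Return the executable path from a Run value, dropping quotes and arguments."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    # Unquoted: cut after the first known extension so arguments are dropped.
    m = re.match(r"(.+?\.(?:exe|com|pif|cmd|bat))(?:\s|$)", data, re.I)
    return m.group(1) if m else data


def triage(run_values):
    """Return (value_name, reason) for Run entries matching the article's indicators."""
    findings = []
    for name, data in run_values:
        path = command_path(data)
        stem, ext = ntpath.splitext(ntpath.basename(path))
        if LOADER_COPY.search(path):
            findings.append((name, "svchost.exe in %APPDATA%\\<8-digit ID>"))
        elif USER_WRITABLE.match(path) and ext.lower() in EXTENSIONS and DROPPED_NAME.match(stem):
            findings.append((name, "prefix+random file name in user profile"))
    return findings


# Constructed sample of (value name, data) pairs as they would appear in a Run key.
SAMPLE = [
    ("Qt", r"C:\Users\alice\AppData\Roaming\48213097\svchost.exe"),
    ("OneDrive", r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background'),
    ("Z8TX", r"C:\Users\alice\mfcgn2pl.exe"),
    ("SecurityHealth", r"%windir%\system32\SecurityHealthSystray.exe"),
    ("Upd", r'"%APPDATA%\Cookiescz7x.cmd" -q'),
]

if __name__ == "__main__":
    for name, reason in triage(SAMPLE):
        print(f"review Run value {name!r}: {reason}")
```

On Windows, the pairs can be read from each of the three keys in step 6 with the standard-library winreg module. The short prefixes also match some legitimate programs, so treat every hit as an entry to inspect, not as a confirmed infection.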