Never install Quickheal Cleaner, it is an Adware…


Today I got introduced to an adware – Quickheal Cleaner. The way it was installed on the PC was quite interesting…

I was going to watch a movie today, which I had downloaded yesterday from P2P networking sites (torrents). When I opened the movie with Windows Media Player (as it was in .wmv format), it said that the codec required to play the movie had to be downloaded. I downloaded it and installed it, and then I noticed that the file “Quickheal” wasn’t a codec; it was a program. Then it ran automatically, started some sort of scanning (like Windows Defender does) & started giving out warnings & alerts again & again, that the PC is having a lot of threats + internet attacks + Trojans + whatever malicious you could think of… (LOL)

This behaviour itself proved to me that this Quickheal Cleaner was an adware (I had had such coincidences before). I googled for Quickheal Cleaner & found that what I had thought was true: it is an adware…

Now, how do I get the PC back to normal? I googled that and found some programs called “Quickheal Cleaner Removal Tool”. But I couldn’t trust those programs either. I found other ways of manually removing it, but they seemed time-consuming… At this point, running Windows Restore & restoring the PC to an earlier time seemed the most likely thing to do, and also the easiest.

Thank God the adware hadn’t deleted the System Restore points (deleting the restore points is common for trojans). After the System Restore, the PC was normal again. Then, to convince myself, I opened that movie file with GOM Media Player & I learned that it was a fake video file bound with an adware, as GOM Player just showed some green & white horizontal lines moving over the screen for 5 seconds :P

So if you ever come across anything called Quickheal Cleaner, don’t even think to install it, unless you want your PC dumped with fake alerts (they are really irritating) & ads :D

Top 10 Trojans of All Time

1. NetBus

It was created in Delphi by Carl-Fredrik Neikter, in 1998. It is software for remotely controlling a system which runs Microsoft Windows. Besides remote control, it can also be used as a backdoor. Like any other trojan, NetBus has 2 components: the client and the server. The server infects the host computer and the client is used to control it.

2. Back Orifice

Back Orifice’s main purpose is to remotely control a Microsoft Windows-powered system. It has the potential of being used as a RAT (Remote Administration Trojan). It is widely used by “Script Kiddies” due to its easy installation and GUI features. The name “Back Orifice” derives from “Microsoft BackOffice Server”. According to the group, its purpose was to demonstrate the lack of security in Microsoft’s operating system Windows 98. BO was created in Delphi.

3. Sub7

Sub7 or SubSeven is a popular backdoor program and RAT. It is mainly used for causing mischief, but it can also be used to steal credit card information and other such confidential data. Its name “Subseven” is derived by spelling “Netbus” backwards as “SubTen” and replacing “ten” with “seven”. Sub7 is less stable than Netbus, but has more features.


4. Beast

It is a Windows-based backdoor trojan program (RAT). It is capable of infecting all Windows OSs. Like most of the trojans, it is also written in Delphi, by Tataye, in 2002. Beast has many unique features: it was one of the first trojans to use the “Reverse Connection”, and it used the “Injection Method” for its DLL. Its unique features made it popular.

5. ProRat

It is a Turkish-made, Windows-based RAT, made by the PRO Group. It comes in two versions: a free and a paid version. The free version cannot perform operations on computers present on the WAN, but only on the LAN. Its server is known for being almost impossible to remove without up-to-date antivirus. It has many features & it can perform many malicious operations on the victim’s computer. It also has a server creator which enables users to create servers which are undetectable and provides other advanced features.

6. Zlob Trojan

Also known as Trojan.Zlob, it is a trojan horse which masquerades as a needed video codec in the form of ActiveX. After a victim installs it, it displays pop-up ads with a similar appearance to that of the Microsoft Windows warning pop-ups, informing the user that their computer is infected with spyware. Clicking on these pop-ups starts the download of fake anti-spyware programs.

7. SpySheriff

As the name suggests, it claims to be an anti-spyware program, but it is actually malware. It gives the infected computer fake spyware and threat alerts and prompts the user of the infected PC to buy the program. SpySheriff is sometimes not even detected by actual anti-spyware programs. It is very difficult to remove SpySheriff from the computer which it has infected. It causes many problems, including the Blue Screen of Death!


8. Vundo

Also known as Vundo Trojan, Virtumonde, Virtumondo or MS Juan, it is a trojan horse that causes pop-ups & advertisements for rogue security software and, sporadically, other misbehavior including performance degradation and denial of service with some websites including Google and Facebook. Vundo causes your browser to show pop-ups from time to time.


9. Turkojan

Turkojan is a RAT and spying tool for Microsoft Windows. It is not detectable by many AVs and only up-to-date antivirus programs can detect it. It is very similar to ProRat in features, but has some pluses and minuses.

10. Trojan-Downloader.Win32.Kido.a

It is a Windows DLL file. It copies its executable file with random names to “Program Files”, “Temp”, “Special Folder” & “System”. It also registers its executable file in the registry to ensure that it is launched automatically at system start-up. It also modifies registry keys to make it impossible to boot into “Safe Mode”.
Its removal is not so easy if you don’t have up-to-date antivirus software. The removal procedure includes some binary editing in the registry.