Computer: winXP SP2 emachine laptop. No idea what the specs are didnt bother checking.

This may be a well known file, but I used SpyHunter 3, Ad-Aware 2007, Panda Online Scan, and XoftSpySE with none of them detecting qopml.dll as part of the vundo issue.

They removed everything but qopml.dll, and upon searching for the file I found it under the spy-bot file list. Anywho I used several vb scripts and freeware programs for deleting *.dll's after reboot since this one would not unregister, and none of them would work.

Finaly used a Bart PE boot cd to remove the file via the cmd prompt after cleaning all the other files up with Ad-Aware, and XoftSpy.

The qopml.dll was showing up under Tools -> Manage Add-ons -> Enable and Disable Add-ons in Internet Explorer as a BHO with the name qopml.dll and file associated qopml.dll. It set security settings to off, and caused a ton of malware alarm and other false-positive spyware popups. Hijackthis did not show a record of this BHO.

Upon deleting the file with the Bart PE setup. The name changed to the registry value {65BB185E-B3FC-4Ad4-A468-OC4E6393FAD4} with the file still referenced as qopml.dll. I've since removed the registry hook as well and the popups have ceased.

The computer had Vundo/Virtumonde, Zlob, 180solutions, Zango, IST among a few others.

Vundo Fix latest version only removed kmmoq.bak1, kmmoq.bak2, kmmoq.ini, qommk.dll, cxmelsce.dll. It also failed to see qopml.dll.

Thanks for uploading the file.

I've added it to the malware listserv which will send the file out to all the AV companies.

/p1034951-MD5_d0350aecea05928a0d7e3856d1831286_qopml_dll.html

If you find any more malware files please upload them to this forum.