Jump to content
Sign in to follow this  
Metallica

Removal instructions for Quicky Translator

Recommended Posts

What is Quicky Translator?

The Malwarebytes research team has determined that Quicky Translator is adware. These adware applications display advertisements not originating from the sites you are browsing.

How do I know if my computer is affected by Quicky Translator?

You may see this entry in your list of installed programs:

warning4.png

and this proxy in IE under Internet options > Connections > LAN settings > proxy server > Advanced :

warning1.png

and these icons in your taskbar and onk your desktop:

icons.png

and these Tech Support Scam pop-ups:

warning2.png

warning3.png

How did Quicky Translator get on my computer?

Adware applications use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove Quicky Translator?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.

If your computer or screen are locked up by the pop-ups, reboot into safe mode to run the removal process outlined below.

Choose "Safe Mode with Networking" if you haven't installed or updated Malwarebytes Anti-Malware yet.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Is there anything else I need to do to get rid of Quicky Translator?
  • No, Malwarebytes' Anti-Malware removes Quicky Translator completely.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this adware application.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Quicky Translator adware. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.

protection1.png

Technical details for experts

You will see these signs in a HijackThis log:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:44445;https=127.0.0.1:44445O4 - HKCU\..\Run: [QuickyTranslator] C:\Windows\Quicky Translator\Quicky Translator\RavSoft.GoogleTranslator.exeO23 - Service: JsSetterUtility2 - Unknown owner - C:\Windows\Quicky Translator\Quicky Translator\Setter.exe
You may see these signs in FRST logs:

 () C:\Windows\Quicky Translator\Quicky Translator\RavSoft.GoogleTranslator.exe () C:\Windows\Quicky Translator\Quicky Translator\Setter.exe HKCU\...\Run: [QuickyTranslator] => C:\Windows\Quicky Translator\Quicky Translator\RavSoft.GoogleTranslator.exe [688128 2015-11-06] () ProxyEnable: [.DEFAULT] => Proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:44445;https=127.0.0.1:44445 ProxyEnable: [{USERID}] => Proxy is enabled. ProxyServer: [{USERID}] => http=127.0.0.1:44445;https=127.0.0.1:44445 R2 JsSetterUtility2; C:\Windows\Quicky Translator\Quicky Translator\Setter.exe [15872 2015-10-23] () [File not signed] C:\Users\{username}\Desktop\Quicky Translator.lnk C:\Windows\Quicky TranslatorQuicky Translator 1.00 (HKLM-x32\...\Quicky Translator 1.00) (Version: 1.00 - Quicky Translator)FirewallRules: [{657177C4-D997-4E3D-9DB6-991C00FAF73F}] => (Allow) C:\Windows\Quicky Translator\Quicky Translator\Setter.exeFirewallRules: [{2278EC96-69BE-4DDA-BD12-3C040AE5D17A}] => (Allow) C:\Windows\Quicky Translator\Quicky Translator\Setter.exeFirewallRules: [{A2CAF13A-98DF-4169-BD50-2F455AE00076}] => (Allow) LPort=44445
Alterations made by the installer:

File system details [View: All details] (Selection)---------------------------------------------------    In the existing folder C:\Users\{username}\Desktop       Adds the file Quicky Translator.lnk"="11/11/2015 08:39, 2198 bytes, A    Adds the folder C:\Windows\Quicky Translator\Quicky Translator       Adds the file FiddlerCore.dll"="20/09/2013 02:33, 353280 bytes, A       Adds the file Hopstarter-Soft-Scraps-Button-Refresh.ico"="18/10/2015 18:21, 236022 bytes, A       Adds the file InstallUtil.InstallLog"="11/11/2015 08:39, 680 bytes, A       Adds the file Interop.NetFwTypeLib.dll"="06/10/2015 19:26, 19456 bytes, A       Adds the file quicky.exe"="07/09/2015 21:36, 11417600 bytes, A       Adds the file RavSoft.GoogleTranslator.exe"="06/11/2015 20:23, 688128 bytes, A       Adds the file Setter.exe"="24/10/2015 00:48, 15872 bytes, A       Adds the file Setter.InstallLog"="11/11/2015 08:39, 735 bytes, A       Adds the file Setter.InstallState"="11/11/2015 08:39, 7466 bytes, A       Adds the file Uninstall.exe"="11/11/2015 08:39, 334398 bytes, A       Adds the file Uninstall.ini"="11/11/2015 08:39, 3211 bytes, ARegistry details [View: All details] (Selection)------------------------------------------------    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Setter_RASAPI32]       "ConsoleTracingMask"="REG_DWORD", -65536       "EnableConsoleTracing"="REG_DWORD", 0       "EnableFileTracing"="REG_DWORD", 0       "FileDirectory"="REG_EXPAND_SZ, "%windir%\tracing"       "FileTracingMask"="REG_DWORD", -65536       "MaxFileSize"="REG_DWORD", 1048576    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Setter_RASMANCS]       "ConsoleTracingMask"="REG_DWORD", -65536       "EnableConsoleTracing"="REG_DWORD", 0       "EnableFileTracing"="REG_DWORD", 0       "FileDirectory"="REG_EXPAND_SZ, "%windir%\tracing"       "FileTracingMask"="REG_DWORD", -65536       "MaxFileSize"="REG_DWORD", 1048576    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Quicky Translator 1.00]       "DisplayIcon"="REG_SZ", "C:\Windows\Quicky Translator\Quicky Translator\Uninstall.exe"       "DisplayName"="REG_SZ", "Quicky Translator 1.00"       "DisplayVersion"="REG_SZ", "1.00"       "EstimatedSize"="REG_DWORD", 12758       "InstallDate"="REG_SZ", "20151111"       "InstallLocation"="REG_SZ", "C:\Windows\Quicky Translator\Quicky Translator\"       "InstallSource"="REG_SZ", "C:\Users\{username}\Desktop\"       "Language"="REG_DWORD", 1033       "NoModify"="REG_DWORD", 1       "NoRepair"="REG_DWORD", 1       "Publisher"="REG_SZ", "Quicky Translator"       "UninstallString"="REG_SZ", "C:\Windows\Quicky Translator\Quicky Translator\Uninstall.exe"       "VersionMajor"="REG_DWORD", 1       "VersionMinor"="REG_DWORD", 0    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\JsSetterUtility2]       "DelayedAutostart"="REG_DWORD", 0       "ErrorControl"="REG_DWORD", 1       "ImagePath"="REG_EXPAND_SZ, ""C:\Windows\Quicky Translator\Quicky Translator\Setter.exe""       "ObjectName"="REG_SZ", "LocalSystem"       "Start"="REG_DWORD", 2       "Type"="REG_DWORD", 16       "WOW64"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]       "{2278EC96-69BE-4DDA-BD12-3C040AE5D17A}"="REG_SZ", "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Windows\Quicky Translator\Quicky Translator\Setter.exe|Name=Setter|"       "{657177C4-D997-4E3D-9DB6-991C00FAF73F}"="REG_SZ", "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Windows\Quicky Translator\Quicky Translator\Setter.exe|Name=Setter|"       "{A2CAF13A-98DF-4169-BD50-2F455AE00076}"="REG_SZ", "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=44445|Name=SetterPort44445|"    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]       "ProxyEnable"=REG_DWORD, 1       "ProxyOverride"="REG_SZ", "<-loopback>"       "ProxyServer"="REG_SZ", "http=127.0.0.1:44445;https=127.0.0.1:44445"    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]       "ProxyEnable"=REG_DWORD, 1       "ProxyServer"="REG_SZ", "http=127.0.0.1:44445;https=127.0.0.1:44445"    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]       "QuickyTranslator"="REG_SZ", "C:\Windows\Quicky Translator\Quicky Translator\RavSoft.GoogleTranslator.exe"
Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 11/11/2015Scan Time: 09:02Logfile: mbamQuickyTranslator.txtAdministrator: YesVersion: 2.2.0.1020Malware Database: v2015.11.11.02Rootkit Database: v2015.11.04.02License: PremiumMalware Protection: DisabledMalicious Website Protection: EnabledSelf-protection: DisabledOS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: {username}Scan Type: Threat ScanResult: CompletedObjects Scanned: 307657Time Elapsed: 4 min, 40 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 2PUP.Optional.QuickyTranslator.PrxySvrRST, C:\Windows\Quicky Translator\Quicky Translator\Setter.exe, 3764, Delete-on-Reboot, [56680b716e1dea4cc0477f5831d2f60a]PUP.Optional.QuickyTranslator.PrxySvrRST, C:\Windows\Quicky Translator\Quicky Translator\RavSoft.GoogleTranslator.exe, 2984, Delete-on-Reboot, [893593e986053ff763a2edea956e956b]Modules: 0(No malicious items detected)Registry Keys: 2PUP.Optional.QuickyTranslator.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Quicky Translator 1.00, Quarantined, [3886f08c29627bbb96703b9c71922bd5], PUP.Optional.QuickyTranslator.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\JSSETTERUTILITY2, Quarantined, [56680b716e1dea4cc0477f5831d2f60a], Registry Values: 2PUP.Optional.QuickyTranslator.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\JsSetterUtility2|ImagePath, "C:\Windows\Quicky Translator\Quicky Translator\Setter.exe", Quarantined, [56680b716e1dea4cc0477f5831d2f60a]PUP.Optional.QuickyTranslator.PrxySvrRST, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|QuickyTranslator, C:\Windows\Quicky Translator\Quicky Translator\RavSoft.GoogleTranslator.exe, Quarantined, [893593e986053ff763a2edea956e956b]Registry Data: 0(No malicious items detected)Folders: 2PUP.Optional.QuickyTranslator.PrxySvrRST, C:\Windows\Quicky Translator, Delete-on-Reboot, [dee0344879128caa791788f932d0e41c], PUP.Optional.QuickyTranslator.PrxySvrRST, C:\Windows\Quicky Translator\Quicky Translator, Delete-on-Reboot, [dee0344879128caa791788f932d0e41c], Files: 13PUP.Optional.QuickyTranslator.PrxySvrRST, C:\Users\{username}\Desktop\Quicky Translator.exe, Quarantined, [6b539be1b7d4d363965ffb4dd927df21], PUP.Optional.QuickyTranslator.PrxySvrRST, C:\Users\{username}\Desktop\Quicky Translator.lnk, Quarantined, [6856b7c5236855e10ff55384bc4737c9], PUP.Optional.QuickyTranslator.PrxySvrRST, C:\Windows\Quicky Translator\Quicky Translator\Setter.exe, Delete-on-Reboot, [56680b716e1dea4cc0477f5831d2f60a], PUP.Optional.QuickyTranslator.PrxySvrRST, C:\Windows\Quicky Translator\Quicky Translator\RavSoft.GoogleTranslator.exe, Delete-on-Reboot, [893593e986053ff763a2edea956e956b], PUP.Optional.QuickyTranslator.PrxySvrRST, C:\Windows\Quicky Translator\Quicky Translator\FiddlerCore.dll, Delete-on-Reboot, [dee0344879128caa791788f932d0e41c], PUP.Optional.QuickyTranslator.PrxySvrRST, C:\Windows\Quicky Translator\Quicky Translator\Hopstarter-Soft-Scraps-Button-Refresh.ico, Quarantined, [dee0344879128caa791788f932d0e41c], PUP.Optional.QuickyTranslator.PrxySvrRST, C:\Windows\Quicky Translator\Quicky Translator\InstallUtil.InstallLog, Quarantined, [dee0344879128caa791788f932d0e41c], PUP.Optional.QuickyTranslator.PrxySvrRST, C:\Windows\Quicky Translator\Quicky Translator\Interop.NetFwTypeLib.dll, Quarantined, [dee0344879128caa791788f932d0e41c], PUP.Optional.QuickyTranslator.PrxySvrRST, C:\Windows\Quicky Translator\Quicky Translator\quicky.exe, Quarantined, [dee0344879128caa791788f932d0e41c], PUP.Optional.QuickyTranslator.PrxySvrRST, C:\Windows\Quicky Translator\Quicky Translator\Setter.InstallLog, Quarantined, [dee0344879128caa791788f932d0e41c], PUP.Optional.QuickyTranslator.PrxySvrRST, C:\Windows\Quicky Translator\Quicky Translator\Setter.InstallState, Quarantined, [dee0344879128caa791788f932d0e41c], PUP.Optional.QuickyTranslator.PrxySvrRST, C:\Windows\Quicky Translator\Quicky Translator\Uninstall.exe, Quarantined, [dee0344879128caa791788f932d0e41c], PUP.Optional.QuickyTranslator.PrxySvrRST, C:\Windows\Quicky Translator\Quicky Translator\Uninstall.ini, Quarantined, [dee0344879128caa791788f932d0e41c], Physical Sectors: 0(No malicious items detected)(end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.