How to Remove the Notepad.Exe Virus

Techwalla may earn compensation through affiliate links in this story. Learn more about our affiliate and product review process here.

The Notepad.exe Virus, a.k.a. the Qaz Trojan (W32.HLLW.QAZ.A), is a nasty piece of work that allows a hacker a way to control an infected PC by replacing the standard notepad.exe file with malicious code. If the computer is connected to a network, the virus will quickly spread to other connected computers. Fortunately, it can be removed by editing the Windows registry.

Advertisement

Removing the Qaz Trojan Virus

Video of the Day

Step 1

Create a backup before starting. Removing the Notepad.exe (Qaz Trojan) virus involves editing the Windows registry. Improper editing of the registry can cause system problems, so it's important to create a backup by using the built-in Windows restore capabilities. Click "Start," "All Programs," "Accessories," "System Tools" and "System Restore." Check the "Create a restore point" radio button, click "Next" and follow the prompts.

Advertisement

Video of the Day

Step 2

Go to the Windows registry editor by clicking "Start" and then "Run." Type "regedit" into the dialog box and click "OK." A two-paned window will open.

Step 3

Look for "HKEY_LOCAL_MACHINE" in the left pane and click the "+" sign next to it to expand the menu tree. Do the same on the following nested menus in this order:

Advertisement

Software Microsoft Windows CurrentVersion

Under the CurrentVersion folder, click on the Run folder to display its contents in the right pane.

Advertisement

Step 4

Scan the right pane, under the Data column, for any entries containing the text "notepad.exe"--this list contains all programs that launch when Windows starts up. Notepad is not one of those applications in a normal Windows installation, so this would be the indication of the Qaz Trojan virus. Highlight the line containing "notepad.exe" by clicking on it, then press the 'Delete" key to remove it.

Advertisement

Step 5

Do a system search for the file "note.com" and when found, rename to "notepad.exe" and overwrite the infected "notepad.exe" file in the C:\WINDOWS\system32 folder. Restart your computer. This will restore your original notepad.exe file,

Advertisement

Advertisement

references