The Notepad.exe Virus, a.k.a. the Qaz Trojan (W32.HLLW.QAZ.A), is a nasty piece of work that allows a hacker a way to control an infected PC by replacing the standard notepad.exe file with malicious code. If the computer is connected to a network, the virus will quickly spread to other connected computers. Fortunately, it can be removed by editing the Windows registry.
Removing the Qaz Trojan Virus
Create a backup before starting. Removing the Notepad.exe (Qaz Trojan) virus involves editing the Windows registry. Improper editing of the registry can cause system problems, so it's important to create a backup by using the built-in Windows restore capabilities. Click "Start," "All Programs," "Accessories," "System Tools" and "System Restore." Check the "Create a restore point" radio button, click "Next" and follow the prompts.
Go to the Windows registry editor by clicking "Start" and then "Run." Type "regedit" into the dialog box and click "OK." A two-paned window will open.
Look for "HKEY_LOCAL_MACHINE" in the left pane and click the "+" sign next to it to expand the menu tree. Do the same on the following nested menus in this order:
Software Microsoft Windows CurrentVersion
Under the CurrentVersion folder, click on the Run folder to display its contents in the right pane.
Scan the right pane, under the Data column, for any entries containing the text "notepad.exe"--this list contains all programs that launch when Windows starts up. Notepad is not one of those applications in a normal Windows installation, so this would be the indication of the Qaz Trojan virus. Highlight the line containing "notepad.exe" by clicking on it, then press the 'Delete" key to remove it.
Do a system search for the file "note.com" and when found, rename to "notepad.exe" and overwrite the infected "notepad.exe" file in the C:\WINDOWS\system32 folder. Restart your computer. This will restore your original notepad.exe file,
Things You'll Need
Access to Windows registry
Be sure to have updated antivirus software running on your computer at all times.