# loadqm.exe is DEATH!!



## bblinky (Apr 4, 2003)

Microslut's "QManager" (loadqm.exe, usually found in startup or autorun) is SUPPOSEDLY there to give Bill some how-well-it's-working feedback. Yeah, sure. Well, I killed mine (with garlic, a stake AND silver bullets) a long time ago and never had a single problem. However, it kept standing out like a sore thumb in the logs of most problem-sufferers posting here. (Probably not related to THEIR problems, but it made me very curious.) Since MS + feedback usually = theworstkindofpukespyware, I asked one of my scarier friends to turn it loose and sniff it. He's got several rigs, one full of totally bogus "identity" data that he uses just for such purposes. Results: it dialed a bounced IP of HIS service provider (??) and tried to send (among other things) screenshots and saved passwords (including Pay-Pal)!! Yeah, I'm too paranoid. Sure. Uh-huh. You bet.
Excuse me. I have to go sit on the closet floor now and practice fieldstripping my guns in the dark. ;-]


----------



## Gary R (Aug 9, 2001)

LOL!


----------



## TOGG (Apr 2, 2002)

bblinky,

Apart from the Hammer Horror props, what else did you use to kill LoadQM?.

I had got rid of it via msconfig (or thought I had) then my son d/l a new version of MSN Messenger (I try and persuade him not to use it but he's 22 and bigger than me!). 

Since then I've used msconfig and Hijack This but the sucker keeps popping up every time I go online and I deny it access via ZA.

I would love to get rid of it permanently and would only be slightly upset if that crippled MSN Messenger in the process.


----------



## Kepiano (Sep 26, 2000)

This will remove Loadqm:

Run - regedit
HKEY_Local_Machine_Software/Microsoft/Windows/CurrentVersion/Run
Delete String Value: ab LoadQm"loadqm.exe"
Reboot
Open 'My Computer". On view menu go to Folder Options - select the View tab, put a check in the box "View all Files" (On mine it says "Show all Files") click apply and close Folder Options.
Open Windows Explorer. Go to Program Files folder and delete the hidden folder 'QMgr"

Also delete:
Go to 'Find"
loadqm.exe c:\windows
loadqm.lgc c:\windows\applog
qmgr.dll c:\windows\system
qmgrprxy.dll c:\windows\system
progld.dll c:\windows\system
qmgr.cab c:\Program Files\Messenger
qmgr.inf c:\Program Files\Messenger

I have done it this way every time I load a new version of MS stuff. It works, but alas it has to be repeated with each new installation.
I am using Win98.


----------



## bblinky (Apr 4, 2003)

Kepiano hit the nail on the head. Thanks, Kep. Also, I have been advised that not only a reinstall of 98 or a Messenger update will bring it back, but so will an update of Idiot Exploiter. Keep the garlic handy.


----------



## TOGG (Apr 2, 2002)

Thanks for the info.

I'm stringing garlic round the doors and windows as soon as I get offline!


----------



## AtreideS (Aug 20, 2001)

I don't have ye olde Windows anymore, so I don't have loadqm.exe but I can remember always wondering what it was. So what actually does it do? I couldn't imagine bblinky's suggestion being 'entirely' accurate. As I'm sure they wouldn't make it too easy to find out. Bill Gates isn't that silly. I'm sure he's got much better ways of spying on us all.  hehe


----------



## TOGG (Apr 2, 2002)

AtreideS,

He certainly has;http://www.hevanet.com/peace/microsoft.htm

If you've got real stamina for a long read check this as well;
http://www.aaxnet.com/editor/edit029.html#mspath


----------



## AtreideS (Aug 20, 2001)

TOGG, thankyou for the links. I use ZoneAlarm and I have wondered many times why MS Word tries to access the internet. Yet when you deny it access it doesn't kick up a fuss. 
Those links look like an interesting read, tommorrow I will have some time to read more in depth. Thankyou.


----------



## TOGG (Apr 2, 2002)

You're welcome.

Obviously, it is neccessary to exercise some caution in reacting to this type of material because there is no test of intelligence or truthfulness before you are allowed to put up a website.

Having said that, the proved facts about Bill's past business practices lead me to think that most of the stuff in those links (that isn't pure speculation) is all too likely to be true.


----------



## RSM123 (Aug 1, 2002)

Another link to articles on known vulnerabilities in Win Operating Systems - some very old but it is still updated :

http://www.ciac.org/ciac/


----------



## john1 (Nov 25, 2000)

Thank you Togg,
i have added this page to my favourites,
and made it 'available off-line'

http://radsoft.net/news/20020905,00.html

Very interesting,
John


----------



## TOGG (Apr 2, 2002)

john1,

I had Radsoft in my Favourites for a long time and had read that page about the EULA. That helped me to decide to get a Mac when this old Win 98 box finally dies (I'll never be smart enough for Linux!).

There's another interesting, biased anti MS rant (or thoughtful and worrying criticism - you decide) on this page but it's a pdf d/l 
;http://www.ccianet.org/index.php3

Scroll down to the 'Microsoft Monopoly represents National Security risk' heading and read on.


----------



## mudhen (Dec 2, 2003)

All,

This is a bit late, but I read your posts and followed your suggestions. They all worked great. I recently reinstalled MSN Messenger and wanted to "Kill Bill." 

FWIW, I wrote a couple of files to "automate" this, one DOS batch file and one Windows Registry file (I used them on Win98SE, YMMV):

DOS Batch file, in a .BAT file (UnLoadQM.BAT):
------------------------------------
del "c:\windows\loadqm.exe"
del "c:\windows\applog\loadqm.lgc"
del "c:\windows\system\qmgr.dll"
del "c:\windows\system\qmgrprxy.dll"
del "c:\windows\system\progld.dll"
del "c:\Program Files\Messenger\qmgr.cab"
del "c:\Program Files\Messenger\qmgr.inf"
deltree "c:\Program Files\QMgr"
rem 1. The deltree command can be run from a batch file in a non-interactive mode,
rem but I don't recall the command switch. 
rem If you don't recall what it is, you can probably find it in old references, A few of the above deletions did not occur; perhaps the files were in other directories?
rem 3. Anyway, LoadQM was removed as far as I am concerned...
------------------------------------

Windows 98 Registry file (for two LoadQM keys), saved in a .REG file (UnLoadQM.REG):
------------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LoadQM"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"LoadQM"=-
------------------------------------

I then rebooted manually and did not find LoadQM loaded. If you admin several systems, you could also include, in the bat file, the regedit command to remove a specific key, but I chose to use a Reg file instead. You could also launch the Reg file from the bat file, but I did not try that, either.

Of course, an enterprising hacker could probably do this in some code during a coffee break...I recall someone once wrote a small utility to remove AIM.EXE from Netscape installs...

HTH,
Mudhen


----------



## American (Dec 3, 2003)

> _Originally posted by Kepiano:_
> *This will remove Loadqm:
> 
> Run - regedit
> ...


Hey. I want to thank you. The steps you gave worked. Finally got rid of that piece of crap. Thing was annoying and it was driving my ZoneAlarm nuts. It was also slowing my internet connection down for some reason. I have Verizon DSL and i noticed everytime my internet was very slow to download, Qmgr was "working" in ZoneAlarm.


----------



## buddha549 (Dec 6, 2003)

There are also 2 files in c:\windows\temp.
qmgr.zip and a qmgr setup file.


----------



## vikking50 (Dec 9, 2003)

Files found in Windows\temp: qmgr.inf and qmgr.cab
Program files folder found is MS Messenger and lacks any of the previously listed files.

Recent Internet Explorer 6 SP1 install on Win 98SE


----------

