Largest Directoty of Internet Security Software

Internet Security Threats

Home Software Threats Security
News		  

Trojan.Win32.Qhost.ix

RISK LEVEL:2

This Trojan is a modified Windows %System%\drivers\etc\hosts file, which isused to translate domain names (DNS) to IP addresses. The modified file is1240 bytes in size. The file is modified in such a way as to prevent the userfrom viewing the sites listed below.

The following strings are added to the hosts file:

127.0.0.1 cn.47555.cn
127.0.0.1 new3.etsoft.com.cn
127.0.0.1 new3.etsoft.com
127.0.0.1 etsoft.com
127.0.0.1 wl.etsoft.com.cn
127.0.0.1 wl.etsoft.com
127.0.0.1 down.jschina.com.cn
127.0.0.1 down.jschina.com
127.0.0.1 jschina.com
127.0.0.1 wow.etsoft.com.cn
127.0.0.1 wow.etsoft.com
127.0.0.1 new3.etsoft.com.cn
127.0.0.1 new3.etsoft.com
127.0.0.1 sw.etsoft.com.cn
127.0.0.1 mh.etsoft.com.cn
127.0.0.1 wool.etsoft.com.cn
127.0.0.1 zt.soft.com.cn
127.0.0.1 www.gaodumm.com

These modifications mean that all requests to the servers listed above willbe blocked.

This is the result of the activity of another malicious program.

If your computer does not have an up-to-date antivirus, or does not have anantivirus solution at all, follow the instructions below to delete the maliciousprogram:

  1. Modify the %System%\drivers\etc\hosts file using any standardapplication (e.g. Notepad). Delete the strings added by the Trojan. The originalhosts file has the following contents:
    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    127.0.0.1 localhost

  2. Update your antivirus databases and perform a full scan of thecomputer (download a trial version of Kaspersky Anti-Virus).


Printed From:http://www.viruslist.com/en/viruses/encyclopedia?virusid=143726

Similar Virus/Threat >>
  •   Trojan.Win32.Pandora.l
    • This Trojan has a malicious payload. The Trojan is a Windows PE EXE file.It is 4,096 bytes in size.InstallationWhen launched, the Trojan copies its executable file to the Windows root...
  •   Trojan.Win32.StartPage.adi
  •   Trojan.Win32.Small.dl



  • Window Washer
    		•
  • symantec PCanywhere 12.0
    		•
  • Kaspersky Anti-Hacker
    		•
  • iSpyNOW
    		•
  • Diet Kaza
    		•

    Acronis Privacy Expert Suite 8.0
    (31,781KB - $29.99)
    AIM Spy Monitor 2007
    (3,145KB - $39.99)
    BlazingTools Secure Office
    (1,301KB - $54.95)
    Yahoo! Messenger Spy Monitor 2007
    (4,034KB - $39.99)
    Encrypt my Folder
    (1,530KB - $24.95)

    Cookie Cleaner   |    History Eraser   |    Popup Killer   |   Firewall   |   Antivirus   |   Security Encryption   |   UnInstaller   |   Security News
    eTrust Pestpatrol Anti-Spyware   PestPatrol 5   Ad-Aware SE Removal   Ad-Aware SE   Ad-Watch   SpyFighter Cleaner Pro   Free Adware Remover   Spy Sweeper  Webroot Spy Sweeper 
    Copyright © 2002-2007 Internet Security Software.All rights reserved.
    Directory of Internet Security Software - Cookie & Cache Cleaner, History & Evidence Eraser, Popup Killer, Firewall