QHosts-113

What is QHost-113?

Discovered on 13th November 2008, QHosts-113 is a Trojan that modifies the Windows hosts file, denying access to security vendor websites by redirecting them to the localhost IP.

Aliases

  • Trj/QHost.JE (Panda)
  • Trojan.Noupd (DrWeb)
  • Trojan.QHosts.AA (VirusBuster)
  • Trojan.Win32.NoUpdate.b (Kaspersky)

How does it affect your PC?

Upon execution, the Trojan modifies the hosts file at the location:
%System%\drivers\etc\hosts
where %System% = C:\WINDOWS\system32

The modified hosts file will contain a list of URLs redirected to the localhost IP 127.0.0.1.

Often this is used to redirect the victim's browsing to a specific website and prevent users from downloading updates. In this case it redirects all security vendor websites, including their signature update sites, to localhost, thereby denying the updates.

The modified hosts file will be as below:
127.0.0.1 www.mcafee.com
127.0.0.1 www.symantec.com
127.0.0.1 www.kaspersky-labs.com
127.0.0.1 www.f-secure.com
127.0.0.1 www.my-etrust.com
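
A check for this kind of tampering, as an added example that is not part of the original write-up: it parses hosts-file text and reports entries that point a security vendor name at a loopback or unspecified address. The watched domains come from the listing above; the function names, the sample file and the `updates.kaspersky-labs.com` entry are constructed for illustration.

```python
import ipaddress

# Vendor domains taken from the modified hosts file listed on this page.
WATCHED_DOMAINS = {"mcafee.com", "symantec.com", "kaspersky-labs.com",
                   "f-secure.com", "my-etrust.com"}

def is_sinkhole(address):
    """True for loopback or unspecified addresses (127.0.0.0/8, ::1, 0.0.0.0, ::)."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified

def is_watched(hostname):
    """True if hostname equals, or is a subdomain of, a watched domain."""
    name = hostname.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in WATCHED_DOMAINS)

def find_blocked_vendors(hosts_text):
    """Return (line_number, address, hostname) for each suspicious entry."""
    findings = []
    for number, raw in enumerate(hosts_text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(entry) < 2 or not is_sinkhole(entry[0]):
            continue
        for hostname in entry[1:]:             # one line may map several names
            if is_watched(hostname):
                findings.append((number, entry[0], hostname))
    return findings

# Constructed sample: default entry, a commented-out line, and tampered entries.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
# 127.0.0.1 www.symantec.com
127.0.0.1 www.mcafee.com
127.0.0.1\twww.f-secure.com updates.kaspersky-labs.com
192.0.2.10 intranet.example
"""

if __name__ == "__main__":
    import sys
    # Pass a hosts file path as the first argument; with none, the sample is scanned.
    text = (open(sys.argv[1], encoding="utf-8", errors="replace").read()
            if len(sys.argv) > 1 else SAMPLE_HOSTS)
    for number, address, hostname in find_blocked_vendors(text):
        print(f"line {number}: {hostname} -> {address}")
```
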

How to remove QHost-113?

A combination of the latest DATs and the Engine will be able to detect and remove this threat. It is recommended that users do not trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.