Internet threat level: 1
Watch us on
Home→Descriptions→Trojan.Win32.Qhost.fe
Trojan.Win32.Qhost.fe
| Detected | Dec 31 2005 09:51 GMT |
| Released | Dec 31 2005 12:34 GMT |
| Published | Jun 28 2007 09:08 GMT |
Technical Details
Removal instructions
Removal instructions
Technical Details
This Trojan is a modified Windows %System%\drivers\etc\hosts file, which is used to map domain names (DNS) to IP addresses. The modified file is 5 942 bytes in size. The file is modified in such a way as to prevent the user from viewing the sites listed below.
The following strings are added to the hosts file:
145.122.155.213 avp.com
38.141.114.157 ca.com
63.185.237.164 customer.symantec.com
23.202.7.12 dispatch.mcafee.com
22.126.229.128 download.mcafee.com
212.174.152.172 downloads1.kaspersky-labs.com
201.205.219.0 downloads2.kaspersky-labs.com
230.135.169.2 downloads3.kaspersky-labs.com
196.184.0.188 downloads4.kaspersky-labs.com
53.28.155.139 downloads-eu1.kaspersky-labs.com
66.205.138.58 downloads-eu2.kaspersky-labs.com
118.140.98.217 downloads-eu3.kaspersky-labs.com
5.222.244.171 downloads-eu4.kaspersky-labs.com
33.122.75.254 downloads-us1.kaspersky-labs.com
23.22.204.3 downloads-us2.kaspersky-labs.com
127.9.83.63 downloads-us3.kaspersky-labs.com
31.216.18.81 downloads-us4.kaspersky-labs.com
70.37.16.156 f-secure.com
194.254.34.122 ftp.avp.com
62.168.31.177 ftp.ca.com
149.211.58.176 ftp.customer.symantec.com
128.64.57.85 ftp.dispatch.mcafee.com
31.107.132.70 ftp.download.mcafee.com
64.169.185.151 ftp.downloads1.kaspersky-labs.com
110.204.180.81 ftp.downloads2.kaspersky-labs.com
165.196.207.136 ftp.downloads3.kaspersky-labs.com
182.218.59.153 ftp.downloads4.kaspersky-labs.com
182.231.177.204 ftp.downloads-eu1.kaspersky-labs.com
135.165.124.87 ftp.downloads-eu2.kaspersky-labs.com
84.148.228.15 ftp.downloads-eu3.kaspersky-labs.com
141.246.168.201 ftp.downloads-eu4.kaspersky-labs.com
195.237.14.49 ftp.downloads-us1.kaspersky-labs.com
101.55.17.15 ftp.downloads-us2.kaspersky-labs.com
198.9.97.212 ftp.downloads-us3.kaspersky-labs.com
249.163.157.220 ftp.downloads-us4.kaspersky-labs.com
203.6.144.57 ftp.f-secure.com
127.214.199.252 ftp.grisoft.com
33.128.86.222 ftp.kaspersky.com
238.19.166.28 ftp.kaspersky-labs.com
198.201.140.1 ftp.liveupdate.symantec.com
25.240.149.112 ftp.liveupdate.symantecliveupdate.com
193.244.78.96 ftp.mast.mcafee.com
204.206.91.161 ftp.mcafee.com
141.178.53.215 ftp.my-etrust.com
135.22.233.144 ftp.nai.com
17.2.27.74 ftp.networkassociates.com
180.206.47.229 ftp.norton.com
44.168.239.211 ftp.rads.mcafee.com
6.7.242.111 ftp.sandbox.norman.com
81.127.164.91 ftp.secure.nai.com
210.133.68.86 ftp.securityresponse.symantec.com
175.18.159.95 ftp.sophos.com
9.203.246.152 ftp.symantec.com
238.137.63.45 ftp.symantecliveupdate.com
52.110.181.221 ftp.symatec.com
248.103.248.202 ftp.trendmicro.com
137.186.157.156 ftp.uk.trendmicro-europe.com
210.21.245.201 ftp.update.symantec.com
145.164.238.253 ftp.updates.symantec.com
10.61.208.218 ftp.updates1.kaspersky-labs.com
214.18.70.42 ftp.updates2.kaspersky-labs.com
45.251.90.54 ftp.updates3.kaspersky-labs.com
38.233.114.83 ftp.updates4.kaspersky-labs.com
215.89.108.216 ftp.us.mcafee.com
229.254.207.150 ftp.viruslist.com
74.19.87.6 grisoft.com
246.190.53.175 kaspersky.com
152.190.81.164 kaspersky-labs.com
163.55.114.242 liveupdate.symantec.com
224.178.1.231 liveupdate.symantecliveupdate.com
41.108.98.165 mast.mcafee.com
22.194.20.196 mcafee.com
193.126.133.150 my-etrust.com
223.77.226.187 nai.com
207.153.180.151 networkassociates.com
123.24.42.113 norton.com
137.190.217.52 pandasoftware.com
65.122.207.26 rads.mcafee.com
189.85.68.202 sandbox.norman.com
39.222.186.43 secure.nai.com
167.147.1.102 securityresponse.symantec.com
92.11.181.107 sophos.com
81.45.209.116 symantec.com
119.59.234.198 symantecliveupdate.com
3.220.34.192 symatec.com
173.148.103.117 trendmicro.com
201.56.28.203 uk.trendmicro-europe.com
158.220.177.251 update.symantec.com
134.207.71.226 updates.symantec.com
47.7.114.107 updates1.kaspersky-labs.com
19.40.176.25 updates2.kaspersky-labs.com
241.18.166.124 updates3.kaspersky-labs.com
114.127.175.3 updates4.kaspersky-labs.com
37.54.106.123 us.mcafee.com
150.92.180.198 viruslist.com
183.219.79.123 virusscan.jotti.org 175.246.160.127 virustotal.com
235.111.61.226 www.avp.com
15.235.187.110 www.ca.com
121.120.242.193 www.customer.symantec.com
27.66.48.116 www.dispatch.mcafee.com
77.135.1.124 www.download.mcafee.com
82.61.150.235 www.downloads1.kaspersky-labs.com
208.243.233.63 www.downloads2.kaspersky-labs.com
89.130.153.194 www.downloads3.kaspersky-labs.com
201.105.193.206 www.downloads4.kaspersky-labs.com
164.15.161.237 www.downloads-eu1.kaspersky-labs.com
187.61.106.152 www.downloads-eu2.kaspersky-labs.com
165.121.16.167 www.downloads-eu3.kaspersky-labs.com
109.38.86.160 www.downloads-eu4.kaspersky-labs.com
140.139.20.129 www.downloads-us1.kaspersky-labs.com
107.175.222.54 www.downloads-us2.kaspersky-labs.com
159.31.134.70 www.downloads-us3.kaspersky-labs.com
34.9.172.1 www.downloads-us4.kaspersky-labs.com
25.89.212.167 www.f-secure.com
15.165.173.86 www.grisoft.com
30.43.5.62 www.kaspersky.com
117.163.26.97 www.kaspersky-labs.com
59.41.193.96 www.liveupdate.symantec.com
171.138.15.157 www.liveupdate.symantecliveupdate.com
126.171.248.184 www.mast.mcafee.com
116.220.174.29 www.mcafee.com
18.72.138.189 www.my-etrust.com
105.105.92.36 www.nai.com
117.145.132.243 www.networkassociates.com
116.131.128.143 www.norton.com
185.174.246.245 www.pandasoftware.com
94.248.222.138 www.rads.mcafee.com
91.63.204.91 www.sandbox.norman.com
100.96.254.29 www.secure.nai.com
28.142.188.233 www.securityresponse.symantec.com
102.179.32.2 www.sophos.com
127.155.201.146 www.symantec.com
31.192.65.203 www.symantecliveupdate.com
68.103.79.66 www.symatec.com
239.223.56.100 www.trendmicro.com
121.32.28.133 www.uk.trendmicro-europe.com
56.9.86.204 www.update.symantec.com
165.145.171.118 www.updates.symantec.com
199.38.160.63 www.updates1.kaspersky-labs.com
117.234.86.250 www.updates2.kaspersky-labs.com
79.198.23.142 www.updates3.kaspersky-labs.com
122.210.43.92 www.updates4.kaspersky-labs.com
240.154.133.229 www.us.mcafee.com
133.203.203.161 www.viruslist.com
91.61.242.205 www.virustotal.com
38.141.114.157 ca.com
63.185.237.164 customer.symantec.com
23.202.7.12 dispatch.mcafee.com
22.126.229.128 download.mcafee.com
212.174.152.172 downloads1.kaspersky-labs.com
201.205.219.0 downloads2.kaspersky-labs.com
230.135.169.2 downloads3.kaspersky-labs.com
196.184.0.188 downloads4.kaspersky-labs.com
53.28.155.139 downloads-eu1.kaspersky-labs.com
66.205.138.58 downloads-eu2.kaspersky-labs.com
118.140.98.217 downloads-eu3.kaspersky-labs.com
5.222.244.171 downloads-eu4.kaspersky-labs.com
33.122.75.254 downloads-us1.kaspersky-labs.com
23.22.204.3 downloads-us2.kaspersky-labs.com
127.9.83.63 downloads-us3.kaspersky-labs.com
31.216.18.81 downloads-us4.kaspersky-labs.com
70.37.16.156 f-secure.com
194.254.34.122 ftp.avp.com
62.168.31.177 ftp.ca.com
149.211.58.176 ftp.customer.symantec.com
128.64.57.85 ftp.dispatch.mcafee.com
31.107.132.70 ftp.download.mcafee.com
64.169.185.151 ftp.downloads1.kaspersky-labs.com
110.204.180.81 ftp.downloads2.kaspersky-labs.com
165.196.207.136 ftp.downloads3.kaspersky-labs.com
182.218.59.153 ftp.downloads4.kaspersky-labs.com
182.231.177.204 ftp.downloads-eu1.kaspersky-labs.com
135.165.124.87 ftp.downloads-eu2.kaspersky-labs.com
84.148.228.15 ftp.downloads-eu3.kaspersky-labs.com
141.246.168.201 ftp.downloads-eu4.kaspersky-labs.com
195.237.14.49 ftp.downloads-us1.kaspersky-labs.com
101.55.17.15 ftp.downloads-us2.kaspersky-labs.com
198.9.97.212 ftp.downloads-us3.kaspersky-labs.com
249.163.157.220 ftp.downloads-us4.kaspersky-labs.com
203.6.144.57 ftp.f-secure.com
127.214.199.252 ftp.grisoft.com
33.128.86.222 ftp.kaspersky.com
238.19.166.28 ftp.kaspersky-labs.com
198.201.140.1 ftp.liveupdate.symantec.com
25.240.149.112 ftp.liveupdate.symantecliveupdate.com
193.244.78.96 ftp.mast.mcafee.com
204.206.91.161 ftp.mcafee.com
141.178.53.215 ftp.my-etrust.com
135.22.233.144 ftp.nai.com
17.2.27.74 ftp.networkassociates.com
180.206.47.229 ftp.norton.com
44.168.239.211 ftp.rads.mcafee.com
6.7.242.111 ftp.sandbox.norman.com
81.127.164.91 ftp.secure.nai.com
210.133.68.86 ftp.securityresponse.symantec.com
175.18.159.95 ftp.sophos.com
9.203.246.152 ftp.symantec.com
238.137.63.45 ftp.symantecliveupdate.com
52.110.181.221 ftp.symatec.com
248.103.248.202 ftp.trendmicro.com
137.186.157.156 ftp.uk.trendmicro-europe.com
210.21.245.201 ftp.update.symantec.com
145.164.238.253 ftp.updates.symantec.com
10.61.208.218 ftp.updates1.kaspersky-labs.com
214.18.70.42 ftp.updates2.kaspersky-labs.com
45.251.90.54 ftp.updates3.kaspersky-labs.com
38.233.114.83 ftp.updates4.kaspersky-labs.com
215.89.108.216 ftp.us.mcafee.com
229.254.207.150 ftp.viruslist.com
74.19.87.6 grisoft.com
246.190.53.175 kaspersky.com
152.190.81.164 kaspersky-labs.com
163.55.114.242 liveupdate.symantec.com
224.178.1.231 liveupdate.symantecliveupdate.com
41.108.98.165 mast.mcafee.com
22.194.20.196 mcafee.com
193.126.133.150 my-etrust.com
223.77.226.187 nai.com
207.153.180.151 networkassociates.com
123.24.42.113 norton.com
137.190.217.52 pandasoftware.com
65.122.207.26 rads.mcafee.com
189.85.68.202 sandbox.norman.com
39.222.186.43 secure.nai.com
167.147.1.102 securityresponse.symantec.com
92.11.181.107 sophos.com
81.45.209.116 symantec.com
119.59.234.198 symantecliveupdate.com
3.220.34.192 symatec.com
173.148.103.117 trendmicro.com
201.56.28.203 uk.trendmicro-europe.com
158.220.177.251 update.symantec.com
134.207.71.226 updates.symantec.com
47.7.114.107 updates1.kaspersky-labs.com
19.40.176.25 updates2.kaspersky-labs.com
241.18.166.124 updates3.kaspersky-labs.com
114.127.175.3 updates4.kaspersky-labs.com
37.54.106.123 us.mcafee.com
150.92.180.198 viruslist.com
183.219.79.123 virusscan.jotti.org 175.246.160.127 virustotal.com
235.111.61.226 www.avp.com
15.235.187.110 www.ca.com
121.120.242.193 www.customer.symantec.com
27.66.48.116 www.dispatch.mcafee.com
77.135.1.124 www.download.mcafee.com
82.61.150.235 www.downloads1.kaspersky-labs.com
208.243.233.63 www.downloads2.kaspersky-labs.com
89.130.153.194 www.downloads3.kaspersky-labs.com
201.105.193.206 www.downloads4.kaspersky-labs.com
164.15.161.237 www.downloads-eu1.kaspersky-labs.com
187.61.106.152 www.downloads-eu2.kaspersky-labs.com
165.121.16.167 www.downloads-eu3.kaspersky-labs.com
109.38.86.160 www.downloads-eu4.kaspersky-labs.com
140.139.20.129 www.downloads-us1.kaspersky-labs.com
107.175.222.54 www.downloads-us2.kaspersky-labs.com
159.31.134.70 www.downloads-us3.kaspersky-labs.com
34.9.172.1 www.downloads-us4.kaspersky-labs.com
25.89.212.167 www.f-secure.com
15.165.173.86 www.grisoft.com
30.43.5.62 www.kaspersky.com
117.163.26.97 www.kaspersky-labs.com
59.41.193.96 www.liveupdate.symantec.com
171.138.15.157 www.liveupdate.symantecliveupdate.com
126.171.248.184 www.mast.mcafee.com
116.220.174.29 www.mcafee.com
18.72.138.189 www.my-etrust.com
105.105.92.36 www.nai.com
117.145.132.243 www.networkassociates.com
116.131.128.143 www.norton.com
185.174.246.245 www.pandasoftware.com
94.248.222.138 www.rads.mcafee.com
91.63.204.91 www.sandbox.norman.com
100.96.254.29 www.secure.nai.com
28.142.188.233 www.securityresponse.symantec.com
102.179.32.2 www.sophos.com
127.155.201.146 www.symantec.com
31.192.65.203 www.symantecliveupdate.com
68.103.79.66 www.symatec.com
239.223.56.100 www.trendmicro.com
121.32.28.133 www.uk.trendmicro-europe.com
56.9.86.204 www.update.symantec.com
165.145.171.118 www.updates.symantec.com
199.38.160.63 www.updates1.kaspersky-labs.com
117.234.86.250 www.updates2.kaspersky-labs.com
79.198.23.142 www.updates3.kaspersky-labs.com
122.210.43.92 www.updates4.kaspersky-labs.com
240.154.133.229 www.us.mcafee.com
133.203.203.161 www.viruslist.com
91.61.242.205 www.virustotal.com
This means that all attempts to contact the servers listed above will be redirected to the corresponding address.
This is the result of the activity of another malicious program.
Removal instructions
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
- Modify the %System%\drivers\etc\hosts file using any standard application (e.g. Notepad). Delete the strings added by the Trojan. The original hosts file has the following contents:
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
- Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
Trojan
This type of behaviour covers malicious programs that delete, block, modify, or copy data, disrupt computer or network performance, but which cannot be classified under any of the behaviours identified above.
This classification also covers “multipurpose” Trojan programs, i.e. those that are capable of conducting several actions at once and which demonstrate several Trojan behaviours in a single program. This means they cannot be indisputably classified as having any single behaviour.
Other versions
© 1997-2012 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.