Internet threat level: 1
Home→Descriptions→Trojan.Win32.Qhost.hc
Trojan.Win32.Qhost.hc
| Detected | Jun 11 2006 16:16 GMT |
| Released | Jun 11 2006 16:16 GMT |
| Published | Jun 16 2006 12:31 GMT |
Technical Details
This Trojan is a modified Windows %System%\drivers\etc\hosts file, which is used to translate domain names (DNS) to IP addresses. The modified file is 1861 bytes in size. The file is modified in such a way as to prevent the user from viewing the sites listed below.
The following strings are added to the hosts file:
# Win32.Skowor Ransomware Host H4x0r
127.0.0.1 www.antivir.de
127.0.0.1 www.bitdefender.de
127.0.0.1 www.znet.de
127.0.0.1 www.chip.de
127.0.0.1 www.virustotal.com
127.0.0.1 virusscan.jotti.org
127.0.0.1 www.kaspersky.com
127.0.0.1 www.sophos.de
127.0.0.1 www.trojaner-info.de
127.0.0.1 www.trojaner-help.de
127.0.0.1 www.arcabit.com
127.0.0.1 www.avast.com
127.0.0.1 www.grisoft.com
127.0.0.1 www.bitdefender.com
127.0.0.1 www.clamav.net
127.0.0.1 www.drweb.com
127.0.0.1 www.f-prot.com
127.0.0.1 www.google.de
127.0.0.1 www.fortinet.com
127.0.0.1 www.nod32.com
127.0.0.1 www.norman.com
127.0.0.1 www.microsoft.com
127.0.0.1 www.anti-virus.by/en
127.0.0.1 www.symantec.com
127.0.0.1 www.windowsupdate.com
127.0.0.1 www.trendmicro.com
127.0.0.1 www.mcafee.com
127.0.0.1 www.viruslist.com
127.0.0.1 www.avp.com
127.0.0.1 www.zonelabs.com
127.0.0.1 www.heise.de
127.0.0.1 www.antivirus-online.de
127.0.0.1 www.free-av.com
127.0.0.1 www.panda-software.com
127.0.0.1 www.pc-welt.de
127.0.0.1 www.pc-special.net
127.0.0.1 download.freenet.de
127.0.0.1 www.vollversion.de
127.0.0.1 www.das-download-archiv.de
127.0.0.1 www.freeware.de
127.0.0.1 www.antiviruslab.com
127.0.0.1 www.search.yahoo.com
127.0.0.1 www.web.de
127.0.0.1 www.hotmail.com
127.0.0.1 www.hotmail.de
127.0.0.1 www.gmx.net
127.0.0.1 www.spiegel.de
127.0.0.1 www.icq.com
127.0.0.1 www.icq.de
127.0.0.1 www.flirtlife.de
127.0.0.1 www.ffh.de
127.0.0.1 www.lavasoft.de
127.0.0.1 www.de.wikipedia.org
127.0.0.1 www.wikipedia.org
127.0.0.1 www.en.wikipedia.org
127.0.0.1 www.wissen.de
127.0.0.1 www.virus-aktuell.de
127.0.0.1 www.arcor.de
127.0.0.1 www.t-online.de
127.0.0.1 www.t-com.de
127.0.0.1 www.alice-dsl.de
127.0.0.1 www.freenet.de
127.0.0.1 www.1und1.de
127.0.0.1 www.fbi.gov
127.0.0.1 www.polizei.de
This is the result of the activity of another malicious program.
This type of behaviour covers malicious programs that delete, block, modify, or copy data, disrupt computer or network performance, but which cannot be classified under any of the behaviours identified above.
This classification also covers “multipurpose” Trojan programs, i.e. those that are capable of conducting several actions at once and which demonstrate several Trojan behaviours in a single program. This means they cannot be indisputably classified as having any single behaviour.
© 1997-2012 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.