
Trojan.Win32.Qhost.le

Detected Apr 19 2007 11:01 GMT
Released Apr 19 2007 11:01 GMT
Published Apr 27 2007 11:31 GMT

Technical Details

This Trojan is a modified Windows hosts file (%System%\drivers\etc\hosts), the file Windows uses to map domain names to IP addresses. The modified file is 9801 bytes in size. It has been altered to prevent the user from viewing the sites listed below.

The following strings are added to the hosts file:


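Each added entry maps a hostname to 127.0.0.1, the local machine, so requests to the listed servers never leave the computer and the sites cannot be reached.

The hosts file is not modified by itself: the change is the result of the activity of another malicious program.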


Removal instructions

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

  1. Modify the %System%\drivers\etc\hosts file using any standard application (e.g. Notepad). Delete the strings added by the Trojan. The original hosts file has the following contents:
    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    #      102.54.94.97     rhino.acme.com          # source server
    #       38.25.63.10     x.acme.com              # x client host

    127.0.0.1       localhost

  2. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
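To check a hosts file for this kind of tampering before editing it by hand, the following added example (not part of the original description) parses hosts-file text and reports every non-local name mapped to the local machine. The function names and the sample hostnames are hypothetical, and the check goes slightly beyond the page by also treating 0.0.0.0 and ::1 as blocking targets.

```python
import ipaddress

# Names that legitimately point at loopback in a stock hosts file.
BENIGN_NAMES = {"localhost", "localhost.localdomain"}

def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for each active hosts entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split on any whitespace
        if len(entry) < 2:
            continue                           # blank, comment-only or malformed line
        try:
            ip = ipaddress.ip_address(entry[0])
        except ValueError:
            continue                           # first column is not an IP address
        yield line_no, ip, [h.lower().rstrip(".") for h in entry[1:]]

def sinkholed_names(text):
    """Return sorted (hostname, line_no) pairs that map a non-local name to
    loopback or the unspecified address, i.e. names made unreachable."""
    hits = {}
    for line_no, ip, names in parse_hosts(text):
        if not (ip.is_loopback or ip.is_unspecified):
            continue
        for name in names:
            if name not in BENIGN_NAMES:
                hits.setdefault(name, line_no)  # keep first occurrence, dedupe repeats
    return sorted(hits.items())

# Constructed sample: stock entry plus blocking lines in the style described above.
SAMPLE = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#      102.54.94.97     rhino.acme.com          # source server
127.0.0.1       localhost
127.0.0.1 forum.example
127.0.0.1  www.forum.example   # extra whitespace is still a valid separator
127.0.0.1 www.forum.example
0.0.0.0 updates.example mirror.updates.example
10.0.0.5 intranet.example
"""

if __name__ == "__main__":
    for name, line_no in sinkholed_names(SAMPLE):
        print(f"line {line_no}: {name} is redirected to the local machine")
```

On a live system, pass the contents of %System%\drivers\etc\hosts to `sinkholed_names`; any name it returns that the administrator did not add deliberately is a line to delete in step 1.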

Trojan

This type of behaviour covers malicious programs that delete, block, modify, or copy data, disrupt computer or network performance, but which cannot be classified under any of the behaviours identified above.

This classification also covers “multipurpose” Trojan programs, i.e. those that are capable of conducting several actions at once and which demonstrate several Trojan behaviours in a single program. This means they cannot be indisputably classified as having any single behaviour.

