Win32/Dost [Threat Name]

Win32/Dost.AA [Threat Variant Name]

Category trojan
Size 98938 B
Detection created Jan 12, 2013
Detection database version 7887
Aliases Trojan.Win32.Qhost.aeyv (Kaspersky)
  RDN/Qhost-Gen!a.trojan (McAfee)
  Trojan:Win32/Dynamer!dtc (Microsoft)
Short description

Win32/Dost.AA is a trojan that prevents access to certain web sites and reroutes traffic to certain IP addresses. The file is run-time compressed using RAR SFX.

Installation

When executed, the trojan creates the following files:

  • %temp%\do.exe (20480 B, Win32/Dost.AA)
  • %temp%\ynrteo.bat (4411 B, Win32/Dost.AA)

The files are then executed.

Other information

The trojan modifies the following file:

  • %systemroot%\system32\drivers\etc\hosts

The trojan writes the following entries to the file:

  • 127.0.0.1 localhost
  • 91.208.16.6 m.odnoklassniki.ru
  • 91.208.16.6 my.mail.ru
  • 91.208.16.6 b1.userdail.ru
  • 91.208.16.6 c1.userdail.ru
  • 91.208.16.6 odnoklassniki.ru
  • 91.208.16.6 www.odnoklassniki.ru
  • 91.208.16.6 www.yandex.ru
  • 91.208.16.6 www.e.mail.ru
  • 91.208.16.6 e.mail.ru
  • 91.208.16.6 a1.userdail.ru
  • 91.208.16.6 yandex.ru
  • 91.208.16.6 vk.com
  • 91.208.16.6 m.vk.com
  • 91.208.16.6 mail.ru

The following programs are terminated:

  • praetorian.exe
