Win32/Qhost [Threat Name] go to Threat
Win32/Qhost.PCZ [Threat Variant Name]
| Category | trojan |
| Size | 519680 B |
| Aliases | Trojan.Win32.VkHost.dfa (Kaspersky) |
| Trojan.Hosts.4073 (Dr.Web) | |
| TROJ_VKHOST.U (TrendMicro) |
Short description
Win32/Qhost.PCZ is a trojan that prevents access to certain web sites and reroutes traffic to certain IP addresses.
Installation
The trojan does not create any copies of itself.
Other information
Win32/Qhost.PCZ is a trojan that prevents access to certain web sites and reroutes traffic to certain IP addresses.
The trojan modifies the following file:
- %system%\drivers\etc\hosts
The trojan writes the following entries to the file:
- 173.224.114.161 vkontakte.ru
- 173.224.114.161 vk.com
- 173.224.114.161 durov.ru
- 173.224.114.161 www.vkontakte.ru
- 173.224.114.161 yandex.ru
- 173.224.114.161 google.ru
- 173.224.114.161 wikipedia.ru
- 173.224.114.161 mail.ru
- 173.224.114.161 odnoklassniki.ru
- 173.224.114.161 rambler.ru
- 173.224.114.161 ya.ru
- 173.224.114.161 google.com
- 173.224.114.161 www.google.ru
- 173.224.114.161 www.vk.com
- 173.224.114.161 www.durov.ru
- 173.224.114.161 www.yandex.ru
- 173.224.114.161 www.mail.ru
- 173.224.114.161 www.google.com
- 173.224.114.161 www.ya.ru
- 173.224.114.161 www.rambler.ru
- 173.224.114.161 www.odnoklassniki.ru
- 173.224.114.161 pda.vkontakte.ru
- 173.224.114.161 m.vkontakte.ru
- 173.224.114.161 www.m.vkontakte.ru
- 173.224.114.161 www.otvet.mail.ru
- 173.224.114.161 www.nigma.ru
- 173.224.114.161 nigma.ru
- 173.224.114.161 forum.antichat.ru
- 173.224.114.161 www.forum.antichat.ru
- 173.224.114.161 google.ua
- 173.224.114.161 www.google.ua