71 users online (0 members and 71 guests)  

Thread: trojan.qHosts


  Results 1 to 5 of 5

Related

  1. Article: File-sharing programs carry Trojan horse    Forum: Webmaster Ethics
    Replies: 0
  1. #1
    christodd's Avatar
    New User

    Status
    Offline
    Join Date
    Oct 2003
    Location
    Tacoma, Washington
    Posts
    20

    Exclamation trojan.qHosts

    Have you guys heard about this trojan.qHosts trojan virus out there ? It's new, it's mean, and it's getting worse.

    I've been following the threads at googleGuy, ever since I had a problem.

    My googletoolbar stopped working - and then I couldn't reach google. It was weird, and I figured maybe google was down. A couple of days later, I still couldn't reach it - and my internet access was flaky....

    I've been trying to get my site listed in google, so I was doing some research when I ran across some other people with the same problem - seems like the culprit is a trojan from some website(s) that exploits Internet explorer and creates a HOSTS file that overrides the IP address resolution for all the google sites. It also changed my DNS server.....

    So today, I find some new posts - apparently there is a new version that the removal tools don't find, and this one hijacks all the search engines - yahoo, lycos, exactseek, etc...

    Any clues on what sites might have this piece of work on them ?

    admin edited

    -Chris
    Last edited by HTML; 10-31-2003 at 05:04 PM.

  2. #2
    HTML's Avatar
    Administrator

    Status
    Offline
    Join Date
    Aug 2000
    Posts
    3,445

    Follow HTML On Twitter Add HTML on Facebook Add HTML on Google+ Add HTML on Linkedin Visit HTML's Youtube Channel
    welcome to the forums feel free to share any info you may have with the community.

    Dave

  3. #3
    christodd's Avatar
    New User

    Status
    Offline
    Join Date
    Oct 2003
    Location
    Tacoma, Washington
    Posts
    20
    Quote Originally Posted by Dave
    welcome to the forums feel *ree to share any info you may have with the community.

    Dave
    Thanks for the warm greeting... I'm enjoying it here.

    -Chris

  4. #4
    kmyers's Avatar
    New User

    Status
    Offline
    Join Date
    Oct 2003
    Posts
    1

    Check for JS_FORTNIGHT.M virus

    See http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS_FORTNIGHT.M
    for information.




    Quote Originally Posted by christodd
    Have you guys heard about this trojan.qHosts trojan virus out there ? It's new, it's mean, and it's getting worse.

    I've been following the threads at googleGuy, ever since I had a problem.

    My googletoolbar stopped working - and then I couldn't reach google. It was weird, and I figured maybe google was down. A couple of days later, I still couldn't reach it - and my internet access was flaky....

    I've been trying to get my site listed in google, so I was doing some research when I ran across some other people with the same problem - seems like the culprit is a trojan from some website(s) that exploits Internet explorer and creates a HOSTS file that overrides the IP address resolution for all the google sites. It also changed my DNS server.....

    So today, I find some new posts - apparently there is a new version that the removal tools don't find, and this one hijacks all the search engines - yahoo, lycos, exactseek, etc...

    Any clues on what sites might have this piece of work on them ?

    admin edited

    -Chris

  5. #5
    RF2OOO's Avatar
    Junior Member

    Status
    Offline
    Join Date
    Aug 2010
    Posts
    30

    Re: trojan.qHosts

    You can remove the Trojan.Qhosts virus with MalwareBytes.org's AV software, I was shown this by one of my friends...

    Quote Originally Posted by AceKidd01

    Sure, here's a log of that virus, if he has the ASK.com toolbar, that is most likely the cause. It's a dll embedded in the AppData/local folder for that windows user.


    Malwarebytes' Anti-Malware 1.45
    http://www.malwarebytes.org

    Database version: 4006

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    19/4/2010 22:45:38
    mbam-log-2010-04-19 (22-45-38).txt

    Scan type: Full scan (C:\|D:\|E:\|)
    Objects scanned: 328742
    Time elapsed: 33 minute(s), 1 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{8EA0DC73-C13B-438A-AEAC-1951228AD6B3}-server.exe (Worm.Rebhip) -> Quarantined and deleted successfully.
    C:\Users\user\AppData\Local\Temp\gert0.dll (Trojan.Qhosts) -> Quarantined and deleted successfully.
    C:\Users\user\AppData\Local\Temp\XX--XX--XX.txt (Malware.Trace) -> Quarantined and deleted successfully.

    All I know about the JS Fortnight bug is that it's a Web-based javascript bug, but not as bad as the DLL bug. Hope that helps, prevention from infection is better than trying to fix an infection



Tags for this Thread