TROJ_QHOSTS.A
Overview

Malware type: Trojan

Aliases: Trojan.BAT.Delude.a (Kaspersky), QHosts-1 (McAfee), Trojan Horse (Symantec), TR/BAT.Delude.E (Avira)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP

Encrypted: Yes

Overall risk rating:


Reported infections:

Damage potential:

Low

Distribution potential:

Medium

Description: 

This Trojan is hosted on several malicious Web sites, which use the Object Data Remote Execution Vulnerability to drop and execute it on the target system.

For more information on this vulnerability and to get hold of the critical patches, visit the following Microsoft page:

It also performs other malicious routines as follows:

  • Enable and modify Domain Name System (DNS) settings
  • Set the name servers to 69.57.1<BLOCKED>6.14 and 69.57.1<BLOCKED>7.175
  • Set domain name to host.mydomain.com
  • Disable proxy
  • Disable migrate proxy
  • Disable search assistant
  • Set search page to www.google.com
  • Set search bar to www.google.com/ie
  • Set search assistant to www.google.com/ie

This UPX-compressed malware runs on Windows 95, 98, ME, NT, 2000 and XP.


Description created: Oct. 1, 2003 7:05:54 PM GMT -0800
