Home / malware Trojan:BAT/Qhost.AI
First posted on 06 April 2013.
Source: MicrosoftAliases :
Trojan:BAT/Qhost.AI is also known as TR/Qhost.rusef (Avira), Trojan.Hosts.7988 (Dr.Web), Trojan-SkyHook (McAfee).
Explanation :
Payload
Changes contents of HOSTS file
This trojan blocks access to, or redirects access of, Russian websites, for example:
- m.my.mail.ru
- m.odnoklassniki.ru
- m.ok.ru
- m.vk.com
- my.mail.ru
- odnoklassniki.ru
- ok.ru
- vk.com
- www.odnoklassniki.ru
If it redirects, it redirects access to the server at the address 192.157.248.175.
It does this by changing the contents of the HOSTS file.
Analysis by Zhitao Zhou
Last update 06 April 2013
