Sunday, November 9, 2008

QHosts Trojan

Removing QHosts
Categories: Trojan,Adware,BHO,Toolbar
This loose category includes a variety of Trojans that damage victim machines,
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Adware programs facilitate the delivery of advertising content to the user and
in some cases gather information from the user's computer, including information
related to Internet browser usage or other computer habits. As this information
is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker. Typically, keyloggers of this type will send the
stolen information back to the attacker via email or HTTP POST, which can appear
suspicious.

The Toolbar component presents itself as a helpful add-on for Internet Explorer,
but it is a real pest.

QHosts Also known as:

[Kaspersky]Trojan.Win32.Qhost.hn,Trojan.Win32.Qhost.pg,Trojan.Win32.Qhost.aei;
[Panda]Trj/Qhost.U,Trj/StartPage.BF,Trj/Conspy.B;
[Computer Associates]Win32.Qhosts.G,Win32/QHosts.AntiAdware!Trojan,Win32/QHosts!Trojan,Win32.Startpage.CB,Win32.Startpage.BV;
[Other]W32/Digarix.B!tr,VBS/QHosts,Win32/Qhosts.AB,Win32/Qhosts.AZ,Trojan:Win32/SystemHijack.gen,Sandbox W32/Malware.BLDR

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\kill spyware.url
[%SYSTEM%]\nsi189.dll
[%SYSTEM%]\nsl17D.dll
[%SYSTEM%]\nsm182.dll
[%SYSTEM%]\nsn178.dll
[%SYSTEM%]\nst173.dll
[%SYSTEM%]\nst2E.dll
[%SYSTEM%]\poker112.ico
[%SYSTEM%]\poker11212.ico
[%SYSTEM%]\poker11232112.ico
[%SYSTEM%]\rtneg2.dll
[%SYSTEM%]\tb22.dll
[%WINDOWS%]\downloaded program files\winb2s32.inf
[%DESKTOP%]\download free movies.url
[%DESKTOP%]\download free mp3s.url
[%DESKTOP%]\download movies.url
[%DESKTOP%]\free sony ps3.url
[%DESKTOP%]\free xbox 360.url
[%DESKTOP%]\gambling board.url
[%DESKTOP%]\hot sexy mamma.url
[%DESKTOP%]\kill all spyware.url
[%DESKTOP%]\kill evidence.url
[%DESKTOP%]\kill spyware.url
[%DESKTOP%]\kill viruses.url
[%DESKTOP%]\popup killer.url
[%DESKTOP%]\rate me.url
[%DESKTOP%]\sexsearch.url
[%DESKTOP%]\spyware killer.url
[%DESKTOP%]\xbox 360 free.url
[%SYSTEM%]\nsu2.tmp
[%SYSTEM%]\nsz1d.dll
[%SYSTEM%]\winb2s32.dll

How to detect QHosts:

Files:
[%DESKTOP%]\kill spyware.url
[%SYSTEM%]\nsi189.dll
[%SYSTEM%]\nsl17D.dll
[%SYSTEM%]\nsm182.dll
[%SYSTEM%]\nsn178.dll
[%SYSTEM%]\nst173.dll
[%SYSTEM%]\nst2E.dll
[%SYSTEM%]\poker112.ico
[%SYSTEM%]\poker11212.ico
[%SYSTEM%]\poker11232112.ico
[%SYSTEM%]\rtneg2.dll
[%SYSTEM%]\tb22.dll
[%WINDOWS%]\downloaded program files\winb2s32.inf
[%DESKTOP%]\download free movies.url
[%DESKTOP%]\download free mp3s.url
[%DESKTOP%]\download movies.url
[%DESKTOP%]\free sony ps3.url
[%DESKTOP%]\free xbox 360.url
[%DESKTOP%]\gambling board.url
[%DESKTOP%]\hot sexy mamma.url
[%DESKTOP%]\kill all spyware.url
[%DESKTOP%]\kill evidence.url
[%DESKTOP%]\kill spyware.url
[%DESKTOP%]\kill viruses.url
[%DESKTOP%]\popup killer.url
[%DESKTOP%]\rate me.url
[%DESKTOP%]\sexsearch.url
[%DESKTOP%]\spyware killer.url
[%DESKTOP%]\xbox 360 free.url
[%SYSTEM%]\nsu2.tmp
[%SYSTEM%]\nsz1d.dll
[%SYSTEM%]\winb2s32.dll

Folders:
[%SYSTEM%]\b2s_cache
[%SYSTEM%]\cache32_trgen
[%PROFILE_TEMP%]\nsu3.tmp

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{07e9cdf4-20d2-46b1-b681-663968f527ce}
HKEY_CLASSES_ROOT\fixcore.mmfixcore.1
HKEY_CLASSES_ROOT\interface\{018c5406-aee6-4a68-980f-2ceb1e9416fb}
HKEY_CLASSES_ROOT\interface\{02b577d5-2212-42f3-ad51-2f6a9ae43233}
HKEY_CLASSES_ROOT\Interface\{0A0CB91F-304B-44AD-9460-9C55465163A4}
HKEY_CLASSES_ROOT\interface\{0a7fc040-f84a-4ad7-9439-798b6c0f861e}
HKEY_CLASSES_ROOT\interface\{35ae618d-45f7-4aa7-a373-300dcb98858a}
HKEY_CLASSES_ROOT\interface\{6fe4aadf-edac-4037-9164-0b60179a4f12}
HKEY_CLASSES_ROOT\interface\{71c456dd-f55b-46ce-adcf-53d5899b8f79}
HKEY_CLASSES_ROOT\interface\{806fca2b-146f-4dc3-9ce7-3c576fea15c3}
HKEY_CLASSES_ROOT\interface\{94984402-b480-45c7-ad2d-84e5eb52cfcd}
HKEY_CLASSES_ROOT\interface\{a797a41d-f9f0-4a32-b9b5-af927cb5ae54}
HKEY_CLASSES_ROOT\interface\{b12508ad-ca55-4238-8db3-55808ba6915a}
HKEY_CLASSES_ROOT\interface\{bf7cb2c3-55b6-44c1-9615-920d004c27f7}
HKEY_CLASSES_ROOT\interface\{cb08e48a-fe7e-4f13-8593-b7ae6ec81d83}
HKEY_CLASSES_ROOT\interface\{d7a6df8d-b6cf-4c27-8e99-eca2ce370ea7}
HKEY_CLASSES_ROOT\interface\{ef90eb04-44c3-4ae5-9d01-c8def134d82a}
HKEY_CLASSES_ROOT\interface\{f912c325-5b26-4ad6-bf39-84370833e972}
HKEY_CLASSES_ROOT\typelib\{081de2f6-927b-4aa9-88c1-f531c9387383}
HKEY_CLASSES_ROOT\TypeLib\{33ADD70F-53AB-4F97-B4B6-997881820F6D}
HKEY_CLASSES_ROOT\typelib\{45782901-ba9f-422d-b231-bcb6487fac4b}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\richedtr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\richup
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:\windows\system32\winb2s32.dll
HKEY_CLASSES_ROOT\clsid\{0962da67-db64-465c-8cd7-cbb357caf825}
HKEY_CLASSES_ROOT\clsid\{09c14745-90fd-42d1-9276-4924d7dbc274}
HKEY_CLASSES_ROOT\clsid\{22b720c7-5fa6-40a8-9f8f-8584bf669690}
HKEY_CLASSES_ROOT\clsid\{356b2bd0-d206-4e21-8c85-c6f49409c6a9}
HKEY_CLASSES_ROOT\clsid\{486145b0-37d1-428b-b3e1-26d26f690c79}
HKEY_CLASSES_ROOT\clsid\{4d568f0f-8ac9-40ab-88b7-415134c78777}
HKEY_CLASSES_ROOT\clsid\{52add86d-9561-4c40-b561-4204dbc139d1}
HKEY_CLASSES_ROOT\clsid\{52fe5233-367c-4efb-bdd7-0be4d212c107}
HKEY_CLASSES_ROOT\clsid\{6024fcd5-91fc-4dc7-8481-63eabd5051d8}
HKEY_CLASSES_ROOT\clsid\{62631e26-b5a1-4ac4-a3ae-1cb72c6819c5}
HKEY_CLASSES_ROOT\clsid\{7c5e5671-7a1d-4ae8-91f0-496adf2825f7}
HKEY_CLASSES_ROOT\clsid\{8037f7f0-80b6-453a-a7cb-5371a4a09bb8}
HKEY_CLASSES_ROOT\clsid\{82f55658-ca6d-4754-b313-5dcaafa0bb42}
HKEY_CLASSES_ROOT\clsid\{999a06ff-10ef-4a29-8640-69e99882c26b}
HKEY_CLASSES_ROOT\clsid\{c8186977-4d5e-4c2b-a5ab-98d59f05c610}
HKEY_CLASSES_ROOT\clsid\{cb5b2bc6-f957-4d8a-be67-83f3ec58ba01}
HKEY_CLASSES_ROOT\clsid\{d86f8319-7c7a-4f2c-927b-6fd286dc4371}
HKEY_CLASSES_ROOT\clsid\{e4776f3a-6936-4a9c-b2da-e57c239fd2f8}
HKEY_CLASSES_ROOT\clsid\{f90b494e-39e5-497d-ae7e-72a2bdca76d3}
HKEY_CLASSES_ROOT\clsid\{ff81672f-13ff-401f-8662-6e895c564cc4}
HKEY_CLASSES_ROOT\interface\{0a0cb91f-304b-44ad-9460-9c55465163a4}
HKEY_CLASSES_ROOT\interface\{1bd50530-0f3c-463a-8020-64075f16490c}
HKEY_CLASSES_ROOT\interface\{2f952b57-0af1-4306-9aaa-3fdc5d8919fe}
HKEY_CLASSES_ROOT\interface\{4530cf0d-266e-44f3-b84c-8a0f8c7434eb}
HKEY_CLASSES_ROOT\interface\{50060c0f-3ccd-4a68-a819-da20a8ae1885}
HKEY_CLASSES_ROOT\interface\{61883b41-a9c0-46de-a6d9-67e4983ae25e}
HKEY_CLASSES_ROOT\interface\{99e5004a-8fca-4780-8fc6-9a70ec0c70c4}
HKEY_CLASSES_ROOT\trfdsk.amo
HKEY_CLASSES_ROOT\trfdsk.amo.1
HKEY_CLASSES_ROOT\trfdsk.iiittt
HKEY_CLASSES_ROOT\trfdsk.iiittt.1
HKEY_CLASSES_ROOT\trfdsk.momo
HKEY_CLASSES_ROOT\trfdsk.momo.1
HKEY_CLASSES_ROOT\trfdsk.ohb
HKEY_CLASSES_ROOT\trfdsk.ohb.1
HKEY_CLASSES_ROOT\typelib\{33add70f-53ab-4f97-b4b6-997881820f6d}
HKEY_CLASSES_ROOT\typelib\{4dfd0b10-93db-4d7e-9b34-3d92ca493be4}
HKEY_CLASSES_ROOT\typelib\{7812d585-c5f0-458e-9922-c9b4ebe837e8}\1.0
HKEY_CLASSES_ROOT\winb2s.amo
HKEY_CLASSES_ROOT\winb2s.amo.1
HKEY_CLASSES_ROOT\winb2s.dbi
HKEY_CLASSES_ROOT\winb2s.dbi.1
HKEY_CLASSES_ROOT\winb2s.iiittt
HKEY_CLASSES_ROOT\winb2s.iiittt.1
HKEY_CLASSES_ROOT\winb2s.momo
HKEY_CLASSES_ROOT\winb2s.momo.1
HKEY_CLASSES_ROOT\winb2s.ohb
HKEY_CLASSES_ROOT\winb2s.ohb.1
HKEY_CLASSES_ROOT\zippyl.amo
HKEY_CLASSES_ROOT\zippyl.amo.1
HKEY_CLASSES_ROOT\zippyl.iiittt
HKEY_CLASSES_ROOT\zippyl.iiittt.1
HKEY_CLASSES_ROOT\zippyl.momo
HKEY_CLASSES_ROOT\zippyl.momo.1
HKEY_CLASSES_ROOT\zippyl.ohb
HKEY_CLASSES_ROOT\zippyl.ohb.1
HKEY_CLASSES_ROOT\{0e9f6ac0-a21a-4591-910f-e2c6f3ca094c}
HKEY_CURRENT_USER\clsid\{0962da67-db64-465c-8cd7-cbb357caf825}
HKEY_CURRENT_USER\clsid\{356b2bd0-d206-4e21-8c85-c6f49409c6a9}
HKEY_CURRENT_USER\clsid\{52add86d-9561-4c40-b561-4204dbc139d1}
HKEY_CURRENT_USER\clsid\{999a06ff-10ef-4a29-8640-69e99882c26b}
HKEY_CURRENT_USER\interface\{018c5406-aee6-4a68-980f-2ceb1e9416fb}
HKEY_CURRENT_USER\interface\{0a7fc040-f84a-4ad7-9439-798b6c0f861e}
HKEY_CURRENT_USER\interface\{32a9d21f-f510-44dc-9ea6-0456eda04668}
HKEY_CURRENT_USER\interface\{c93cc79d-02d5-45b0-be39-7f5b0e5dda31}
HKEY_CURRENT_USER\interface\{da4b919f-b757-4e32-8d79-dec5c2704c4b}
HKEY_CURRENT_USER\software\aaa_soft
HKEY_CURRENT_USER\software\nsz1d.dll
HKEY_CURRENT_USER\software\_dsktptr
HKEY_CURRENT_USER\software\_rtneg4
HKEY_CURRENT_USER\software\_trgen
HKEY_CURRENT_USER\trfdsk.iiittt
HKEY_CURRENT_USER\trfdsk.iiittt.1
HKEY_LOCAL_MACHINE\clsid\{52add86d-9561-4c40-b561-4204dbc139d1}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\richedtr
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\richup
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{22b720c7-5fa6-40a8-9f8f-8584bf669690}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4d568f0f-8ac9-40ab-88b7-415134c78777}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{55be9f0d-6caf-4c3e-b125-5a13a8c9d0ec}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{8037f7f0-80b6-453a-a7cb-5371a4a09bb8}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{999a06ff-10ef-4a29-8640-69e99882c26b}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%SYSTEM%]\winb2s32.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\0cj9lp4k
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\richeditor
HKEY_LOCAL_MACHINE\software\riched\stats\abi941
HKEY_LOCAL_MACHINE\software\riched\stats\rmg2
HKEY_LOCAL_MACHINE\software\riched\stats\sah
HKEY_LOCAL_MACHINE\software\winsoftware\winfixer

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{07e9cdf4-20d2-46b1-b681-663968f527ce}
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls
HKEY_LOCAL_MACHINE\software\riched
HKEY_LOCAL_MACHINE\software\riched\lib
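The file, folder and registry indicators listed above can be checked mechanically rather than by hand. The script below is an added example, not code from this page or from any vendor: it parses an indicator list written in the page's own notation, expands the [%SYSTEM%]-style placeholders into real Windows directories (the mapping of each token to an environment variable is my assumption; the page does not define it), and reports which indicators are present on the host. Registry checks use Python's standard winreg module and therefore only do anything on Windows. The embedded excerpt is constructed from a few entries above; the full lists from the page can be pasted into INDICATOR_TEXT to check all of them.

```python
"""Check a Windows host for the QHosts file and registry indicators listed on
this page. Added example; not the page author's or any vendor's code."""
import os
import sys

# Excerpt of the page's indicator list, in the page's own notation.
# Constructed for this example from entries above; paste the full lists here.
INDICATOR_TEXT = r"""
Files:
[%SYSTEM%]\winb2s32.dll
[%SYSTEM%]\rtneg2.dll
[%WINDOWS%]\downloaded program files\winb2s32.inf
[%DESKTOP%]\kill spyware.url

Folders:
[%SYSTEM%]\b2s_cache
[%PROFILE_TEMP%]\nsu3.tmp

Registry Keys:
HKEY_LOCAL_MACHINE\software\winsoftware\winfixer
HKEY_CLASSES_ROOT\winb2s.ohb
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%SYSTEM%]\winb2s32.dll
"""


def parse_indicators(text):
    """Split a page-style list into {'Files': [...], 'Folders': [...], 'Registry Keys': [...]}.
    A line ending in ':' starts a section; blank lines are ignored."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):
            current = line[:-1]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def expand_placeholders(path, env):
    """Replace the page's [%...%] tokens with real directories taken from env.
    Assumed mapping (the page does not define it): SYSTEM -> %SystemRoot%\System32,
    WINDOWS -> %SystemRoot%, DESKTOP -> %USERPROFILE%\Desktop, PROFILE_TEMP -> %TEMP%."""
    system_root = env.get("SystemRoot", r"C:\Windows")
    mapping = {
        "[%SYSTEM%]": system_root + r"\System32",
        "[%WINDOWS%]": system_root,
        "[%DESKTOP%]": env.get("USERPROFILE", r"C:\Users\Default") + r"\Desktop",
        "[%PROFILE_TEMP%]": env.get("TEMP", system_root + r"\Temp"),
    }
    for token, real in mapping.items():
        path = path.replace(token, real)
    return path


def find_present_paths(entries, env, exists=os.path.exists):
    """Return the expanded indicator paths that exist on this host.
    `exists` is injectable so the logic can be exercised without a real disk."""
    return [p for p in (expand_placeholders(e, env) for e in entries) if exists(p)]


def find_present_registry_keys(keys, env=None):
    """Return the indicator registry keys that can be opened. Only meaningful on
    Windows (winreg is unavailable elsewhere, so the result is an empty list)."""
    try:
        import winreg
    except ImportError:
        return []
    hives = {
        "HKEY_CLASSES_ROOT": winreg.HKEY_CLASSES_ROOT,
        "HKEY_CURRENT_USER": winreg.HKEY_CURRENT_USER,
        "HKEY_LOCAL_MACHINE": winreg.HKEY_LOCAL_MACHINE,
    }
    hits = []
    for key in keys:
        key = expand_placeholders(key, env or os.environ)
        hive_name, _, subkey = key.partition("\\")
        hive = hives.get(hive_name.upper())
        if hive is None:
            continue
        try:
            with winreg.OpenKey(hive, subkey):  # key names are case-insensitive
                hits.append(key)
        except OSError:
            pass  # key absent or not readable: not a hit
    return hits


def scan(text=INDICATOR_TEXT, env=os.environ):
    """Run every check and return the hits grouped by kind."""
    ind = parse_indicators(text)
    return {
        "files": find_present_paths(ind.get("Files", []), env),
        "folders": find_present_paths(ind.get("Folders", []), env),
        "registry": find_present_registry_keys(ind.get("Registry Keys", []), env),
    }


if __name__ == "__main__":
    results = scan()
    for kind, hits in results.items():
        for hit in hits:
            print(f"FOUND {kind}: {hit}")
    sys.exit(1 if any(results.values()) else 0)
```

The script exits non-zero when any indicator is found, so it can be dropped into a login script or scheduled task and alert on a hit. A hit only means a file or key with that name exists; since names like these can be reused by unrelated software, confirm with an up-to-date scanner before deleting anything.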

Removing QHosts:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.
