Trojans are malicious applications that pose themselves as legitimate software in order to trick users to install them. Once on the victim's machine, it may run any number of malicious process to steal vital information or inflict damage to other software.
Official
Description:
This trojan attacks Windows firewall settings.
Comment:
Troj/QHosts-S is usually propagated through Spam mails. When users unknowingly extract the zip file of the Trojan, they will get infected.
When the Trojan executed, it drops a file into SYSTEM32 Folder. It modifies the start page of Internet Explorer to www.teengb.com. It also modifies HOSTS file, and redirects certain web-sites to an html page that will warn the user of the spyware infections. If we click on the page it redirects you to download an Rogue Anti-Spyware(Razespyware).
Screenshots:
Derived from a Trojan dropper - a fake Windowws Popup to entice users to click through and download a rouge application
Manual
removal:
Remove the following file
%WINDIR%\SYSTEM32\svchst.exe (do not remove svchost.exe)
Remove the following Registry Key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "useful-soft"
Troj/QHosts-S adds 1223180317 domains with HOSTS file. So you need to replace HOSTS file with new one. Download the HOSTS file from the link,
http://www.mvps.org/winhelp2002/hosts.zip
extract and save it on Desktop. Double click on the file "mvps.bat" to copy the included HOSTS file to the proper location on your machine. This batch file will backup the existing HOSTS file prior to copying the updated version. The backed-up file will be renamed to HOSTS.MVP.
To use: double-click on mvps.bat
Note: if prompted by one of your Security programs about this file, allow it to run. Also if
you are prompted by a Security program about changes to the HOSTs file = allow them.
[Important Notice - 2K/XP Users]
In most cases a large HOSTS file (over 135 kb) tends to slow down the machine. This only occurs
in W2000 and XP. Windows 98 and Windows ME are not affected.
To resolve this issue (manually) open the "Services Editor"
Start | Run (type) "services.msc" (no quotes)
Scroll down to "DNS Client", Right-click and select: Properties
Click the drop-down arrow for "Startup type"
Select: Manual, click Apply/Ok and restart.
For more details please see:
http://www.mvps.org/winhelp2002/hosts.htm
Note: The above instructions are intended for a single (home-user) PC. If your machine is part of a "Domain", check with your IT Dept. before applying this work-around. This especially applies to Laptop users who travel or bring their machines home. Make sure to reset the Service prior to connecting (reboot required) to your work Domain ...
Note: This HOSTS file can protect from known malicious web-sites also.
8 [