Home / malware Trojan:BAT/Qhost!gen
First posted on 07 May 2016.
Source: MicrosoftAliases :
There are no other names known for Trojan:BAT/Qhost!gen.
Explanation :
Trojan:BAT/Qhost!gen is a generic detection for a batch script that modifies a computer's Hosts file to prevent the user from accessing certain websites on the Microsoft domain.
Batch scripts detected as Trojan:BAT/Qhost!gen modify the Windows Hosts file. The local Hosts file overrides the DNS resolution of a website URL to a particular IP address. Malicious software may make modifications to the Hosts file in order to redirect specified URLs to different IP addresses. Malware often modifies an affected machine's hosts file in order to stop users from accessing websites associated with particular security-related applications (such as antivirus, for example).
Trojan:BAT/Qhost!gen detected batch scripts modify the Hosts file so that certain websites hosted on the microsoft.com domain, such as "microsoft.com" and "windowsupdate.microsoft.com" are re-directed to 'localhost' (127.0.0.1), subsequently blocking the user from accessing them.
Analysis by Amir FoudaLast update 07 May 2016
