QHOST-A

The Qhost-A is a trojan that redirects traffic to selected ip addresses and prevents access to selected websites.


REMOVAL INSTRUCTIONS:

• Run REGEDIT and modify/delete these values:
  • In registry key:
    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP]
    
    "EnableDNS"="1" - modify value to "O"
    "HostName"="host" - delete
    "Domain" = "mydomain.com" - delete
    
  • In registry key:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    
    "Search Page"="http://www.google.com" - delete "Search Bar"="http://www.google.com/ie" - delete
    
  • In registry key:
    [HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\SearchURL]
    
    ""=http://www.google.com/keyword/%s" - delete "provider"="gog1" - delete
    
  • In registry key:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
    
    "SearchAssistant"="http://www.google.com/ie" - delete
    
  • In registry key:
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
    
    "DataBasePath"="DataBasePath"="%SystemRoot%\help" - modify to "%SystemRoot%\System32\drivers\etc"
    
  • In registry key:
    "DatabasePath"="DataBasePath"="%SystemRoot%\help" - modify to "%SystemRoot%\System32\drivers\etc"
    
  
  
• Delete these lines from modified host files:
  elite
  www.google.akadns.net
  www.google.com
  google.com
  
  Host file paths are:
  
  • Windows95/98/ME
    
    \windows\help\hosts
    and \windows\hosts
  • Windows 2000/XP
    
    \WINNT\help\hosts
  
  
• Run Vbuster.Exe and use it to delete all infected files

Return Home