My Bitdefender
  • 0 Shopping Cart


Facebook Twitter Google Plus


1,96 MB
(, Win32:Qhost-BXO, Adware.SearchTwo.36)


You are infected with Trojan.Qhost.AKR if:
- If you have BitDefender products installed on your computer and you cannot update them
- the %WINDIR%\System32\Drivers\etc\hosts file contains the line:

Removal instructions:

Please let BitDefender delete the infected file.
Go to the %WINDIR%\System32\Drivers\etc directory and check if the hosts file contains the line:
If so, change the hosts files attributes: remove the hidden, system and readonly attributes by typing to the command line:
       attrib -h -s -r hosts
     and afterwards, open the hosts file with an editor (ex: notepad) and delete the line mentioned above (the line containing:

Analyzed By

Boeriu Laura, virus researcher

Technical Description:

      Trojan.Qhost.AKR comes as a patcher for BitDefender products 2008 (Internet Security 2008, Total Security 2008 and Antivirus Plus 2008) with a user interface and instructions on how to use it. At some point, you are requested to push a button that will modify the %WINDIR%\System32\Drivers\etc\hosts file, adding as entry the Bitdefender antivirus update site pointing to localhost. This will impede the antivirus to update.

     Also, the attributes of the %WINDIR%\System32\Drivers\etc\hosts file will be set to hidden, system and readonly, making it more difficult to be seen and changed by an unexperienced user.