(Trojan.Win32.Qhost.tk, Win32:Qhost-BXO, Adware.SearchTwo.36)
You are infected with Trojan.Qhost.AKR if:
- If you have BitDefender products installed on your computer and you cannot update them
- the %WINDIR%\System32\Drivers\etc\hosts file contains the line:
Please let BitDefender delete the infected file.
Go to the %WINDIR%\System32\Drivers\etc directory and check if the hosts file contains the line:
If so, change the hosts files attributes: remove the hidden, system and readonly attributes by typing to the command line:
attrib -h -s -r hosts
and afterwards, open the hosts file with an editor (ex: notepad) and delete the line mentioned above (the line containing: 127.0.0.1 update.bitdefender.com)
Boeriu Laura, virus researcher
Trojan.Qhost.AKR comes as a patcher for BitDefender products 2008 (Internet Security 2008, Total Security 2008 and Antivirus Plus 2008) with a user interface and instructions on how to use it. At some point, you are requested to push a button that will modify the %WINDIR%\System32\Drivers\etc\hosts file, adding as entry the Bitdefender antivirus update site pointing to localhost. This will impede the antivirus to update.
Also, the attributes of the %WINDIR%\System32\Drivers\etc\hosts file will be set to hidden, system and readonly, making it more difficult to be seen and changed by an unexperienced user.