We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Trojan:Win32/Alureon.GQ
Aliases: Trojan.Win32.Crypt.cqt (Kaspersky)
Summary
Windows Defender detects and removes this threat.
Trojan:Win32/Alureon.GQ is a member of the Win32/Alureon family of malware - a family of data-stealing malware. These trojans allow an attacker to intercept incoming and outgoing Internet traffic in order to gather confidential information from your computer, such as user names, passwords, and credit card data.
The trojan is also used to generate traffic to specific URLs.
Win32/Alureon can also allow an attacker to transmit malicious data to your computer. It might modify DNS settings on your computer to enable the attacker to perform these tasks.
The Domain Name System (DNS) is used (among other things) to map domain names to IP addresses - that is, to map human-readable domain names to machine-readable IP addresses. When you attempt to visit a particular URL, a browser uses DNS servers to find the correct IP address of the requested domain. When you are directed to a malicious server that is not part of the authoritative Domain Name System, an attacker can provide incorrect IP addresses at their choice to map to particular domain names, thus directing you to possibly bogus or malicious sites without your knowledge.
You might need to reconfigure DNS settings after the trojan is removed from your computer. See the "What to do now" section below for advice on how to do this.
To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products detect and remove this threat:
