BREAKING NEWS: Windows Defender Advanced Threat Protection (Windows Defender ATP) to include AI-driven automated investigation and remediation capabilities later this year.Learn more
Alert level: Severe Detected with Windows Defender Antivirus
Also detected as: Trojan.Win32.Crypt.cqt (Kaspersky)
Windows Defender detects and removes this threat.
Trojan:Win32/Alureon.GQ is a member of the Win32/Alureon family of malware - a family of data-stealing malware. These trojans allow an attacker to intercept incoming and outgoing Internet traffic in order to gather confidential information from your computer, such as user names, passwords, and credit card data.
The trojan is also used to generate traffic to specific URLs.
Win32/Alureon can also allow an attacker to transmit malicious data to your computer. It might modify DNS settings on your computer to enable the attacker to perform these tasks.
The Domain Name System (DNS) is used (among other things) to map domain names to IP addresses - that is, to map human-readable domain names to machine-readable IP addresses. When you attempt to visit a particular URL, a browser uses DNS servers to find the correct IP address of the requested domain. When you are directed to a malicious server that is not part of the authoritative Domain Name System, an attacker can provide incorrect IP addresses at their choice to map to particular domain names, thus directing you to possibly bogus or malicious sites without your knowledge.
You might need to reconfigure DNS settings after the trojan is removed from your computer. See the "What to do now" section below for advice on how to do this.