Trojan:Win32/Qhost.DY
Detected by Microsoft Defender Antivirus
Aliases: W32/Malware.OFJP (Norman), Trojan.Generic.5123224 (BitDefender), BAT/Qhost.NHM (ESET), Trojan.BAT.Qhost.kq (Kaspersky), Trojan.Win32.Generic.12592026 (Rising AV)
Summary
Trojan:Win32/Qhost.DY is a trojan that modifies the affected user's Windows Hosts file in order to redirect traffic to a predefined IP address.
To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date security solution. The following Microsoft products will detect and remove this threat:
For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.
Additional remediation instructions for Trojan:Win32/Qhost.DY
This threat may make lasting changes to a computer's configuration that are NOT restored by detecting and removing this threat. For more information on returning an infected computer to its pre-infected state, please see the following article:
- Recreating a clean Hosts file: http://support.microsoft.com/kb/972034
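A read-only audit of the Hosts file for the kind of redirect entries described in the Summary, useful for reviewing what changed before recreating a clean file. This is an added example, not Microsoft's code; the sample content, host names and addresses are constructed, and treating every mapping to an address other than loopback or 0.0.0.0 as worth review is an assumption.

```python
import ipaddress
import os

# Default Windows location of the Hosts file.
HOSTS_PATH = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                          "System32", "drivers", "etc", "hosts")

# Constructed sample: documentation-range address and .example names.
SAMPLE = """\
# Constructed Hosts file for illustration
127.0.0.1      localhost
::1            localhost
0.0.0.0        ads.example
203.0.113.10   www.bank.example bank.example   # added entry
203.0.113.10   update.av-vendor.example
not-an-ip      portal.example
"""

def parse_hosts(text):
    """Yield (line_no, address_text, [hostnames]) for each active entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 2:                   # need an address and at least one name
            yield line_no, fields[0], fields[1:]

def suspicious_entries(text):
    """Return entries that map names to a non-loopback, non-null address."""
    findings = []
    for line_no, ip_text, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, ip_text, names, "unparseable address"))
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue  # localhost entries and 0.0.0.0 block-list entries
        findings.append((line_no, ip_text, names, "redirect"))
    return findings

if __name__ == "__main__":
    try:
        with open(HOSTS_PATH, encoding="utf-8-sig", errors="replace") as fh:
            content = fh.read()
    except OSError:
        content = SAMPLE  # fall back to the constructed sample
    for line_no, ip_text, names, reason in suspicious_entries(content):
        print(f"line {line_no}: {ip_text} -> {', '.join(names)} [{reason}]")
```

Entries flagged as "redirect" may be legitimate (for example, administrator-added intranet mappings), so compare them against what your environment is expected to contain.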