We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Trojan:BAT/Qhost.AE
Aliases: Trojan/Win32.Qhost (AhnLab) W32/Qhost.M.gen!Eldorado (Command) Trojan-Banker.Win32.Qhost.abak (Kaspersky)
Summary
Trojan:BAT/Qhost.AE is a trojan that modifies your computer's HOSTS file to redirect Internet traffic through its own predefined server.
The HOSTS file is used to resolve what IP address to go to when you try to go to a certain URL. Malicious software may make changes to this file so that when you try to access one website, you are redirected to another.
Additional remediation instructions for Trojan:BAT/Qhost.AE
This threat may make lasting changes to a computer's configuration that are not restored by detecting and removing this threat. For more information on returning an infected computer to its pre-infected state, please see the following article:
To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products detect and remove this threat:
- Microsoft Security Essentials or, for Windows 8, Windows Defender
- Microsoft Safety Scanner
Additional remediation instructions for Trojan:BAT/Qhost.AE
This threat may make lasting changes to a computer's configuration that are not restored by detecting and removing this threat. For more information on returning an infected computer to its pre-infected state, please see the following article:
