Downloader.Tooncom

Risk Level 1: Very Low


Discovered: October 27, 2003
Updated: February 13, 2007 12:14:56 PM
Also Known As: TrojanDownloader.Win32.Tooncom
Type: Trojan Horse
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


Downloader.Tooncom is a Trojan Horse that consists of two files, Loader.exe and iedll.exe.

This Trojan overwrites the Windows Hosts file, which is used for name resolution. The Trojan also modifies the Internet Explorer Search and Home pages, as well as Favorites.



The following instructions explain how to fix the Windows hosts file so that the added name resolution entries no longer forward you to 66.40.16.131.
  1. Using Windows Explorer, look for the Windows hosts file in the following locations, if the locations exist:
    • C:\Windows\System32\Drivers\Etc\hosts
    • C:\Windows\hosts
    • C:\Winnt\System32\Drivers\Etc\hosts
    • C:\Winnt\hosts
    • D:\Windows\System32\Drivers\Etc\hosts
    • D:\Windows\hosts
    • D:\Winnt\System32\Drivers\Etc\hosts
    • D:\Winnt\hosts

  2. For each \hosts file that you find, double-click the file.
  3. When the "Open With" dialog box appears, scroll through the list and select Notepad. Do not check the "Always open this program with. . ." box.
  4. Within the file, delete any lines that begin with 66.40.16.131.
  5. Save the hosts file.
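
Steps 1 to 5 as a script, added here as an example and not part of the original write-up: it matches the first field of each line exactly against 66.40.16.131 (so an entry indented with spaces or tabs is also caught, and 66.40.16.13 is not) and saves a .bak copy before rewriting. The sample hosts content, its placeholder hostnames and the function names are constructed for this example.

```python
import os
import shutil

REDIRECT_IP = "66.40.16.131"  # address named in the write-up

# The eight locations from step 1, generated in the same order.
CANDIDATES = [d + ":\\" + root + sub + "\\hosts"
              for d in "CD" for root in ("Windows", "Winnt")
              for sub in ("\\System32\\Drivers\\Etc", "")]

# Constructed sample; the hostnames are placeholders, not from the write-up.
SAMPLE_HOSTS = (
    "127.0.0.1       localhost\r\n"
    "66.40.16.131    search.example.com\r\n"
    "\t66.40.16.131\twww.example.net www.example.org  # added\r\n"
    "# 66.40.16.131  commented.example.com\r\n"
    "66.40.16.13     unrelated.example.com\r\n"
)


def clean_hosts(text, bad_ip=REDIRECT_IP):
    """Return (cleaned_text, names_that_were_redirected)."""
    kept, redirected = [], []
    for line in text.splitlines(keepends=True):
        # Drop any trailing comment, then split on spaces and tabs.
        fields = line.split("#", 1)[0].split()
        # Whole-field comparison: a longer or shorter address never matches.
        if fields and fields[0] == bad_ip:
            redirected.extend(fields[1:])
        else:
            kept.append(line)  # comments, blanks and other entries stay
    return "".join(kept), redirected


def clean_file(path):
    """Rewrite one hosts file, saving the original as <path>.bak first."""
    with open(path, newline="", encoding="latin-1") as fh:  # keep CRLF as-is
        original = fh.read()
    cleaned, redirected = clean_hosts(original)
    if cleaned != original:
        shutil.copy2(path, path + ".bak")
        with open(path, "w", newline="", encoding="latin-1") as fh:
            fh.write(cleaned)
    return redirected


if __name__ == "__main__":
    for p in filter(os.path.isfile, CANDIDATES):
        print(p, clean_file(p))
```

The list of hostnames it returns shows which lookups were being redirected, which is worth recording before the entries are gone.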


Protection

  • Initial Rapid Release version October 27, 2003
  • Latest Rapid Release version January 12, 2010 revision 017
  • Initial Daily Certified version October 27, 2003
  • Latest Daily Certified version January 12, 2010 revision 025
  • Initial Weekly Certified release date October 29, 2003


Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Low

Distribution

  • Distribution Level: Low

Writeup By: Fergal Ladley