1. Symantec/
  2. Security Response/
  3. Trojan.Qhosts


Risk Level 2: Low

October 1, 2003
February 13, 2007 12:08:26 PM
Also Known As:
QHosts-1 [McAfee], VBS.QHOSTS [CA], Troj/Qhosts-1 [Sophos], TROJ_QHOSTS.A [Trend], Trojan.BAT.Delude.c [KAV]
Trojan Horse
Systems Affected:
CVE References:

Trojan.Qhosts is a Trojan Horse that will modify the TCP/IP settings to point to a different DNS server.

Trojan.Qhosts cannot spread by itself. The user must open an HTML page that contains malicious code, which allows the Trojan to open a viral HTML file on the target computer so that the script can create and run the malicious executable.

Symantec Security Response has received reports that visiting a specific page on www.fortunecity.com caused a popup to be displayed, which redirected the visitor to a different Web page. Being redirected to the Web page appears to have caused the Trojan Horse to be downloaded to a visitor's system, and then executed. Reports also state that the threat exploited the Internet Explorer Object Data Remote Execution vulnerability on several victims' computers to execute itself. Microsoft has released a cumulative patch for this vulnerability.

Antivirus Protection Dates

  • Initial Rapid Release version October 2, 2003
  • Latest Rapid Release version March 20, 2018 revision 066
  • Initial Daily Certified version October 2, 2003 revision 002
  • Latest Daily Certified version March 21, 2018 revision 003
  • Initial Weekly Certified release date October 2, 2003
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Douglas Knowles

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube