Win32/Dost [Threat Name]
Win32/Dost.BU [Threat Variant Name]
Category | trojan |
Size | 143360 B |
Aliases | Trojan:BAT/Qhost.AI (Microsoft) |
Short description
Win32/Dost.BU is a trojan that prevents access to certain web sites and reroutes traffic to certain IP addresses.
Installation
When executed, the trojan creates the following files:
- %temp%\1.bat (7569 B)
- %temp%\JavaInstaller.exe (103424 B)
The files are then executed.
Other information
The trojan modifies the following file:
- %system%\drivers\etc\hosts
The trojan writes the following entries to the file:
The following programs are terminated:
- praetorian.exe
- GuardMailRu.exe
- adawarebp.exe
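The hosts-file modification described above can be checked for by parsing the file and flagging any non-loopback address that several hostnames are pinned to. The following is an added example, not part of the original description or of any vendor tooling; the function names, the threshold of three names and the sample entries (documentation address range, placeholder domains) are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: 203.0.113.0/24 is a documentation range, domains are placeholders.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.7     search.example.com
203.0.113.7     www.search.example.com   # trailing comment
203.0.113.7     mail.example.net
10.0.0.5        intranet.corp.example
0.0.0.0         ads.example.org
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (ip, hostname) pairs; skip comments, blank lines and malformed addresses."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:  # one line may map several names to the same address
            yield ip, name.lower().rstrip(".")

def audit_hosts(text, min_names=3):
    """Return {ip: [names]} for addresses that min_names or more hostnames resolve to."""
    by_ip = defaultdict(set)
    for ip, name in parse_hosts(text):
        # Loopback and 0.0.0.0 targets are typical of blocklists, not of redirection.
        if ip.is_loopback or ip.is_unspecified:
            continue
        by_ip[str(ip)].add(name)
    return {ip: sorted(names) for ip, names in by_ip.items() if len(names) >= min_names}

if __name__ == "__main__":
    for ip, names in audit_hosts(SAMPLE_HOSTS).items():
        print(f"review: {len(names)} hostnames pinned to {ip}: {', '.join(names)}")
```

On a live system the same function can be given the contents of the hosts file the description names; a single intranet override stays below the threshold, while a cluster of unrelated public sites pinned to one address is reported for review.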