Win32/Dost [Threat Name]

Win32/Dost.BU [Threat Variant Name]

Category: trojan
Size: 143360 B
Detection created: Mar 03, 2013
Signature database version: 8072
Aliases: Trojan:BAT/Qhost.AI (Microsoft)

Short description

Win32/Dost.BU is a trojan that prevents access to certain web sites and reroutes traffic to certain IP addresses.

Installation

When executed, the trojan creates the following files:

  • %temp%\1.bat (7569 B)
  • %temp%\JavaInstaller.exe (103424 B)

The files are then executed.

Other information

The trojan modifies the following file:

  • %system%\drivers\etc\hosts

The trojan writes the following entries to the file:


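A defender-side check for the hosts-file rerouting described above, as an added example that is not ESET's code: it parses hosts-file text and reports names mapped to routable addresses, plus any single address shared by several names. The sample input, the address 203.0.113.7, the example.* names and the function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample; real input is the text of %system%\drivers\etc\hosts.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1 localhost
::1 localhost
203.0.113.7 www.example.com
203.0.113.7 mail.example.net   # trailing comment
203.0.113.7 social.example.org
0.0.0.0 ads.example.com
not-an-ip broken.example.com
"""

def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments, blanks and malformed lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")

def audit_hosts(text, shared_threshold=3):
    """Return (redirects, shared): names sent to a routable address, and
    addresses reused by at least shared_threshold names."""
    by_ip = defaultdict(set)
    for ip, name in parse_hosts(text):
        # Loopback and 0.0.0.0 entries block or localise a name; they do not reroute it.
        if ip.is_loopback or ip.is_unspecified:
            continue
        by_ip[str(ip)].add(name)
    redirects = sorted((n, ip) for ip, names in by_ip.items() for n in names)
    shared = {ip: sorted(names) for ip, names in by_ip.items()
              if len(names) >= shared_threshold}
    return redirects, shared

if __name__ == "__main__":
    redirects, shared = audit_hosts(SAMPLE_HOSTS)
    for name, ip in redirects:
        print(f"redirect: {name} -> {ip}")
    for ip, names in shared.items():
        print(f"shared address {ip}: {len(names)} names")
```

Any redirect for a public site on a workstation deserves review; the shared-address report highlights the pattern this trojan produces, where many unrelated names resolve to one address.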
The following programs are terminated:

  • praetorian.exe
  • GuardMailRu.exe
  • adawarebp.exe
