PCBugSquad

Description:

The Troj/MalHost-Trojan pretends to be a video, but in reality is malware that changes your Windows HOSTS file that will redirect your web browser to further malicious sites. While the infection’s video is being shown on your desktop, the Trojan modifies your Windows HOSTs files to redirect popular web sites to malicious services under the malware writer’s control.  These web sites will instead attempt to infect you with further malware.

When infected, this Trojan will create the C:\Program Files\QuickTime_.exe file and then create the following registry key to start itself automatically when Windows starts:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”Apple Inc.” = “C:\Program Files\QuickTime_.exe -atboottime”

Manual Removal Instructions for Troj/MalHost-B

End these processes if they exist:
Learn how to end processes

QuickTime_.exe

Delete these files if they exist:
Lean how to remove files

C:\Program Files\QuickTime_.exe

Remove these Registry keys if they exist:
Learn how to remove Windows Registry entries

Warning: Editing the Windows Registry incorrectly can cause problems with your computer that may cause it not to operate correctly.  Please edit the Registry only if you know what you are doing.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”Apple Inc.”

This entry was posted on Monday, March 9th, 2009 at 1:19 pm and is filed under Malware Removal Guide, Trojan. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.