Trojan

Should I remove “Trojan:BAT/Qhost.AF”?

Malware Removal

Trojan:BAT/Qhost.AF is Microsoft's detection name for a variant of the Qhost family, which hijacks name resolution by writing entries to the Windows hosts file; the sandbox report below also shows this sample creating a scheduled task and changing the proxy settings. While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advisable to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan:BAT/Qhost.AF virus do?

  • Sample contains Overlay data
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Uses Windows utilities to create a scheduled task
  • Attempts to modify proxy settings
  • The sample wrote data to the system hosts file.
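The last three behaviours (scheduled task, proxy change, hosts-file write) are the ones that outlive the dropper, and the hosts-file write is what gives the Qhost family its name. The script below is an added example, not code from this page or from GridinSoft: it parses a hosts file and reports every name mapped to something other than the stock localhost entries, separating redirects to a routable address from loopback/0.0.0.0 "blackhole" entries of the kind used to block antivirus update sites. The sample hosts content, the addresses and the domain names in it are constructed for the demonstration, and `audit_hosts`, `parse_hosts` and the other names are this example's own.

```python
import ipaddress
import os
import sys

# Constructed hosts-file content for this example. The last four mappings imitate
# what a Qhost-style hijacker leaves behind; none of it comes from the sample on this page.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
127.0.0.1       localhost
::1             localhost
# --- entries below are constructed for the example ---
203.0.113.7     www.social-site.example   # victim traffic sent to an attacker host
203.0.113.7     social-site.example
0.0.0.0         update.antivirus-vendor.example
127.0.0.1       dev.local
"""

# Names that legitimately map to loopback on a stock system.
STOCK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def hosts_path():
    """Default hosts-file location for the running OS."""
    if os.name == "nt":
        root = os.environ.get("SystemRoot", r"C:\Windows")
        return os.path.join(root, "System32", "drivers", "etc", "hosts")
    return "/etc/hosts"


def parse_hosts(text):
    """Yield (lineno, address, [names]) per entry; comments, blanks and malformed lines are skipped."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # not an IP literal; ignore the line
        yield lineno, addr, [name.lower() for name in fields[1:]]


def audit_hosts(text):
    """Return (lineno, kind, address, name) for every mapping beyond the stock loopback entries.

    kind is 'redirect' when a name resolves to a routable address (traffic hijack) and
    'blackhole' when it is pinned to loopback or 0.0.0.0 (used to block AV update sites).
    """
    findings = []
    for lineno, addr, names in parse_hosts(text):
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in names:
            if sinkhole and name in STOCK_NAMES:
                continue
            findings.append((lineno, "blackhole" if sinkhole else "redirect", str(addr), name))
    return findings


def report(findings, label):
    """Print findings one per line; exit status 1 when anything was flagged."""
    for lineno, kind, addr, name in findings:
        print(f"{label}:{lineno}: {kind:9} {name} -> {addr}")
    return 1 if findings else 0


if __name__ == "__main__":
    if len(sys.argv) > 1 and sys.argv[1] == "--sample":
        sys.exit(report(audit_hosts(SAMPLE_HOSTS), "sample"))
    path = sys.argv[1] if len(sys.argv) > 1 else hosts_path()
    with open(path, encoding="utf-8", errors="replace") as fh:
        sys.exit(report(audit_hosts(fh.read()), path))
```

Run it with no argument to audit the live hosts file, with a path to audit a copy pulled from another machine, or with --sample to see the constructed case. A non-empty report is not proof of infection (developers pin test hosts to loopback all the time), but on a stock Windows box anything beyond the two localhost lines deserves an explanation. On Windows also confirm that the DataBasePath value under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters still points at the default drivers\etc directory, since a hijacker can redirect the resolver to a hosts file elsewhere and leave the default one looking clean.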

How to determine Trojan:BAT/Qhost.AF?

The indicators below come from the CAPE sandbox run of the sample. The hashes identify the exact file. The PE timestamp of 1992-06-19 22:22:17 (0x2A425E19) is the fixed value that Delphi-built executables carry rather than a real build date, and the entry-point bytes (push ebp; mov ebp, esp; add esp, -10h; mov eax, ...; call ...) are the standard Delphi program prologue; together with the "Hankey 1.16 Installation" version string this is consistent with a Delphi-compiled installer that launches the script (the CAPE run shows a scripting utility being executed, and most vendors classify the payload as a BAT, VBS or JS script).

File Info:

name: 18FAACBE9616CF1EEC5A.mlw
path: /opt/CAPEv2/storage/binaries/71668005d9bacfa0b8fa406482db9aa2e72aab1a311de7c3ea290065e698f7b2
crc32: F54F14B7
md5: 18faacbe9616cf1eec5a0292010c5bd1
sha1: 15e355106dda20983f1594e762c913fcce5d3ea0
sha256: 71668005d9bacfa0b8fa406482db9aa2e72aab1a311de7c3ea290065e698f7b2
sha512: dd542cec7cad88cfea0603f3bd3b9f1fa1ed996e5e2953f1e8f53d84017749da99091856d8d18a62fccacaa9ab63b5f882e6082aaa7404939d1ca2a05d49def7
ssdeep: 3072:ABAp5XhKpN4eOyVTGfhEClj8jTk+0htTOE7:3bXE9OiTGfhEClq9QO8
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T116C36B21B5C18973C1010B7C5D0BD665D83A7B202E7C61C777DE4F9C9EF62862A2D2BA
sha3_384: 750bd56423cfc7758730e852b4560ad96b65f54d99ca74753d195ba571329ab543f0a12faa626d43b320eec41fa44890
ep_bytes: 558bec83c4f0b89c7c4100e86cabfeff
timestamp: 1992-06-19 22:22:17

Version Info:

Comments:
CompanyName: Spinkey
FileDescription: Hankey 1.16 Installation
FileVersion: 1.16
LegalCopyright: Spinkey
Translation: 0x0409 0x04e4
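An added example, not code from this page or from GridinSoft, that turns the file info above into a check: it hashes a file and compares the result against the MD5, SHA-1 and SHA-256 listed above, and reads the TimeDateStamp from the PE's COFF header to show that the listed 1992-06-19 22:22:17 is the Delphi constant 0x2A425E19 rather than a build date. The hashes are the page's own; the stub PE header built by `build_stub_pe` is constructed for the demonstration (it is a header, not a runnable executable), and `triage`, `match_iocs` and the other names are this example's own.

```python
import datetime
import hashlib
import struct
import sys

# Hashes of the sample as listed on this page (the only real data used here).
IOC_HASHES = {
    "md5": "18faacbe9616cf1eec5a0292010c5bd1",
    "sha1": "15e355106dda20983f1594e762c913fcce5d3ea0",
    "sha256": "71668005d9bacfa0b8fa406482db9aa2e72aab1a311de7c3ea290065e698f7b2",
}

# Borland/Delphi linkers stamp every PE with this fixed TimeDateStamp, which
# decodes to 1992-06-19 22:22:17 UTC; it says "Delphi", not "built in 1992".
DELPHI_TIMESTAMP = 0x2A425E19


def file_hashes(data):
    """MD5, SHA-1 and SHA-256 of a byte string as lower-case hex."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("md5", "sha1", "sha256")}


def match_iocs(data, iocs=IOC_HASHES):
    """Return the subset of iocs whose value equals the corresponding hash of data."""
    hashes = file_hashes(data)
    return {algo: value for algo, value in iocs.items() if hashes.get(algo) == value}


def pe_timestamp(data):
    """TimeDateStamp from the COFF file header, or None if data is not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # 4-byte "PE\0\0" signature followed by the 20-byte COFF file header
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    return struct.unpack_from("<I", data, e_lfanew + 8)[0]


def format_timestamp(ts):
    """Render a PE timestamp the way the file-info block above does (UTC)."""
    return datetime.datetime.fromtimestamp(ts, datetime.timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def is_delphi_timestamp(ts):
    return ts == DELPHI_TIMESTAMP


def build_stub_pe(timestamp):
    """Constructed minimal DOS/PE header carrying the given TimeDateStamp (not an executable)."""
    buf = bytearray(0x40 + 24)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)                    # e_lfanew: PE signature at 0x40
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHI", buf, 0x44, 0x014C, 1, timestamp)  # Machine=i386, 1 section, TimeDateStamp
    return bytes(buf)


def triage(data):
    """IOC matches plus compile-timestamp plausibility for one file's bytes."""
    ts = pe_timestamp(data)
    return {
        "ioc_matches": match_iocs(data),
        "timestamp": None if ts is None else format_timestamp(ts),
        "delphi_constant": ts is not None and is_delphi_timestamp(ts),
    }


if __name__ == "__main__":
    # With a path argument, triage that file; otherwise triage the constructed stub.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = build_stub_pe(DELPHI_TIMESTAMP)
    print(triage(data))
```

A hash match is the strong signal; the Delphi timestamp on its own only tells you which compiler produced the file, and plenty of legitimate Delphi software carries it, so treat `delphi_constant` as context for the version-info strings rather than as a detection.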

Trojan:BAT/Qhost.AF also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
DrWeb: Trojan.Hosts.6838
MicroWorld-eScan: Gen:Heur.SMHeist.1
ALYac: Gen:Heur.SMHeist.1
Malwarebytes: Generic.Malware/Suspicious
VIPRE: Gen:Heur.SMHeist.1
Sangfor: Trojan.Win32.Bicololo.Vkiu
K7AntiVirus: Trojan ( 004b93841 )
Alibaba: Trojan:BAT/Qhost.209f1f4e
K7GW: Trojan ( 004b93841 )
Cybereason: malicious.e9616c
Cyren: W32/Dropper.BD.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/Bicololo.A
APEX: Malicious
Cynet: Malicious (score: 99)
Kaspersky: Trojan.VBS.Qhost.dt
BitDefender: Gen:Heur.SMHeist.1
NANO-Antivirus: Trojan.Script.Qhost.drlddb
Avast: JS:Bicololo-AG [Trj]
Tencent: Vbs.Trojan.Qhost.Jqil
Emsisoft: Gen:Heur.SMHeist.1 (B)
F-Secure: Malware.BAT/QHost.AF.3
TrendMicro: TROJ_SPNR.15HD13
McAfee-GW-Edition: BehavesLike.Win32.ObfuscatedPoly.ch
Trapmine: malicious.high.ml.score
FireEye: Gen:Heur.SMHeist.1
Sophos: Mal/Generic-S
GData: Gen:Heur.SMHeist.1
Avira: TR/Dropper.Gen
MAX: malware (ai score=88)
Xcitium: TrojWare.Win32.Qhost.AN@4z6lnq
Arcabit: Trojan.SMHeist.1
SUPERAntiSpyware: Trojan.Agent/Gen-Qhost
ZoneAlarm: Trojan.VBS.Qhost.dt
Microsoft: Trojan:BAT/Qhost.AF
Google: Detected
McAfee: Generic StartPage.sim
Cylance: unsafe
Panda: Trj/CI.A
TrendMicro-HouseCall: TROJ_SPNR.15HD13
Rising: Trojan.Bicololo!8.91 (TOPIS:E0:Yslsuq4svR)
Yandex: Trojan.Qhost!QEFd5n3AxFk
Ikarus: Trojan.Win32.Qhost
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Bicololo.A!tr
AVG: JS:Bicololo-AG [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan:BAT/Qhost.AF?

Trojan:BAT/Qhost.AF removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.
  • After the restart, verify the three changes the sandbox run recorded: the hosts file (%SystemRoot%\System32\drivers\etc\hosts) should contain only the stock localhost lines, no scheduled task created by the malware should remain in Task Scheduler, and the proxy settings in Internet Options should be back to what you expect. A scanner that quarantines the dropper does not necessarily undo these edits.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
