W32.Hostidel.Trojan


Aliases: W32.Hostidel.Trojan.C, TrojanDropper:Win32/Small, TROJ_SMALL.EP, DR/Small.EP.1, Win32:Trojano-024
Variants: Trojan-Dropper.Win32.Small.ep, TrojanDropper.Win32.Small.ep, MultiDropper-GP, Trojan.MulDrop.752, Troj/Tofger-N

Classification: Malware
Category: Trojan Horse

Status: Active & Spreading
Spreading: Slow
Geographical info: N/A
Removal: Easy
Platform: W32
Discovered: 13 Nov 2003
Damage: Low

Characteristics: This Trojan Horse has been observed by many computer experts to negatively impact the behavior of the Web browser as well as the online activities of the computer user. The W32.Hostidel.Trojan is responsible for the modification of the Windows Host file that affects the name resolution capability of the Web browser. It has also been established to replace the default homepage and search page of the Web browser.

More details about W32.Hostidel.Trojan

Upon its execution in the infected computer system, the W32.Hostidel.Trojan will insert additional entries into the Favorites menu of the Web browser. All of the links that are added by the malware are associated with possible malicious adult websites. These possible sources of additional malware may escape the scrutiny of security applications since they have been added to the Favorites menu and quite possibly to the white list of the Web browser. The W32.Hostidel.Trojan will search the hard drive for the exact location of the Windows Host file. When found, the malware will delete all its contents and replace them with its own name resolution version. The W32.Hostidel.Trojan will be able to effectively control the online behavior of the Web browser.

The W32.Hostidel.Trojan makes use of the Windows Registry to institute some changes in the way the Web browser functions. It also hooks the search function of the Web browser from the Windows Registry by dictating the search page that will be displayed. The W32.Hostidel.Trojan also makes use of the Windows Registry service to control the behavior of the search bar of the Web browser. The change in the default homepage is done by the W32.Hostidel.Trojan from the Windows Registry to make it more difficult for the average user to change it back to its default value.