Romanian antivirus company BitDefender has reported that the advertisements placed by Google on the web sites are being hijacked by a Trojan virus called Trojan.Qhost.WU. Trojan.Qhose.WU will replace the intended text with ads from a different provider and thence redirect the queries meant to be sent to Google servers to other rogue servers, which display ads from a third party instead of ads from Google.

Trojan.Qhost.WU is identified by BitDefender as spreading at a “low” level and causing” medium” damage to users. Google has responded that it has cancelled customer accounts that display ads redirecting users to malicious sites or that advertise a product violating its software principles. Google is working hard to detect and remove the sites that serve malware in both its ad network and its search result.

In the event users suspect to be infected by this Trojan or intend to check out whether they have infected, they can use the solution provided by BitDefender:

Check for Trojan.Qhost.WU Infection:
Go to Start > Run > ping -t pagead2.googlesyndication.com

The response should look similar to this: Pinging pagead.l.google.com [6x.xxx.xxx.xxx] with 32 bytes of data; where the x’s represent digits. If users are not infected, the first digit will be a 6 (as in the example). If users are infected, the first digit will be a 9.

If users’ computer are infected by Trojean.Qhost.WU, they can try out freeware SmitFraudFix v2.274. Users can download the latest version of SmitFraudFix removal tool via here to and read the removal instruction to clean the infected virus.

Related Posts