Trojan.Hosts.5858
Posted: May 24, 2012
Threat Metric
| Threat Level: | 9/10 |
|---|---|
| Infected PCs: | 48 |
| First Seen: | May 24, 2012 |
| OS(es) Affected: | Windows |
While most browser hijackers limit themselves to exposing you to unpleasant sites every once in a while and otherwise let you go about your business, Trojan.Hosts.5858 is noteworthy for being a browser hijacker that uses its attacks as a form of ransom. Trojan.Hosts.5858 attempts to block normal web browser usage by redirecting you to a malicious site that hosts a fraudulent warning message. In a ploy that SpywareRemove.com malware experts have found to be more typical for ransomware Trojans than browser hijackers, this message informs victims that their Internet access is being blocked due to supposed crimes that have been associated with their computers. Trojan.Hosts.5858's warning message offers an easy credit card payment to unlock Internet access, but since this message is fraudulent, you should be content with using anti-malware software to delete Trojan.Hosts.5858 and regain web-browsing capabilities for free.
Trojan.Hosts.5858 – a Fake 'House of Spam' Delivery Straight to Your Web Browser
Trojan.Hosts.5858 is a Trojan that's often installed by other types of Trojans, particularly members of the BackDoor.Andromeda family. Backdoor Trojans like those that install Trojan.Hosts.5858 may also be reconfigured to install different PC threats or to reduce your computer's security; consequently, SpywareRemove.com malware researchers always recommend an extremely thorough scan of your PC after any possible Trojan.Hosts.5858 attack. Fortunately, Trojan.Hosts.5858 attacks are fairly easy to identify, since they use very visible browser redirects via standard Hosts file exploits.
By modifying your Hosts file, Trojan.Hosts.5858 redirects your browser from popular sites (e.g., Facebook, Google and so on) towards its own website. This site hosts a warning message that claims to be from Spamhaus (a spam-tracking database) and informs you that your PC has supposedly been linked to spam-related activities and has, therefore, been blocked from the Internet. Naturally, this isn't true, and SpywareRemove.com malware analysts remind potential Trojan.Hosts.5858 victims that reputable PC security companies, including Spamhaus, legally aren't allowed to take such actions arbitrarily.
A brief sample of the warning is provided below, translated into English for your convenience (the original text is presented in German):
Your computer IP address was blocked to prevent spam activity. To be able to use many Internet sites, your consent is required to prove that you're a real human and not a robot or spam program.
Sneaking Out of Trojan.Hosts.5858's Trap without Spending a Thing
Trojan.Hosts.5858's warning form insists that you should use your credit card to pay a fee that will unlock Internet access, but this is completely unnecessary and may cause your credit card to be targeted by multiple types of fraudulent transactions. Even though its choice of destination is exceptionally alarming, Trojan.Hosts.5858 can be removed like any other browser hijacker – with a scan from a good anti-malware application. However, SpywareRemove.com malware experts also remind you to scan your entire PC, particularly including your Hosts file, since your browser will continue to suffer from redirects unless all of Trojan.Hosts.5858's Hosts file changes are removed.
Because Trojan.Hosts.5858 was identified recently as of May 2012, you may also be required to update your anti-malware scanner's threat databases before it can identify Trojan.Hosts.5858 for deletion. Whenever possible, the SpywareRemove.com malware research team recommends keeping your anti-malware software completely updated, which will maximize its ability to detect recently-emerged PC threats like Trojan.Hosts.5858.
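One way to check a Hosts file for the redirect entries described above is the following added example, which is not code from SpywareRemove.com or any scanner. The watch list and the sample file are constructed for illustration; on Windows the real file is normally %SystemRoot%\System32\drivers\etc\hosts.

```python
import ipaddress
from collections import defaultdict

# Assumed watch list: the page names only Facebook and Google as examples.
WATCHED = ("facebook.com", "google.com")

# Constructed sample; 203.0.113.0/24 is a documentation range, not a real IoC.
SAMPLE = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net          # sinkhole entry, not a redirect
203.0.113.10    www.facebook.com facebook.com
203.0.113.10    www.google.com           # trailing comment
192.168.1.20    fileserver
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        try:
            ip = ipaddress.ip_address(fields[0])
        except (IndexError, ValueError):
            continue                            # blank line or no leading address
        for name in fields[1:]:                 # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")

def is_watched(name, watched=WATCHED):
    """True for a watched domain or any of its subdomains."""
    return any(name == d or name.endswith("." + d) for d in watched)

def audit_hosts(text, watched=WATCHED):
    """Return watched names that map to anything other than a local sinkhole."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue                            # 127.0.0.1, ::1, 0.0.0.0 block, not redirect
        if is_watched(name, watched):
            findings.append({"line": line_no, "ip": str(ip), "host": name})
    return findings

def redirect_targets(findings):
    """Group flagged names by destination; many sites on one IP is the hijack pattern."""
    by_ip = defaultdict(list)
    for f in findings:
        by_ip[f["ip"]].append(f["host"])
    return dict(by_ip)
```

Any entry the audit reports should be removed from the Hosts file after the anti-malware scan, otherwise the redirects persist.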
Technical Details
File System Modifications
The following files were created in the system:

| File name | File type | Mime Type | Group |
|---|---|---|---|
| avg.exe | Executable File | unknown/exe | Malware file |
| Autorun.inf | | unknown/inf | Malware file |
| %AllUsersProfile%\Local Settings\Temp\d446fffd.com | Command, executable file | unknown/com | Malware file |