How to manually remove hosts file entries added by Troj/Qhost-AC

You probably already know about the Trojan Troj/Qhost-AC (as identified by Sophos) which blocks access to two of the most popular BitTorrent sites The Pirate Bay and Mininova.org. In addition to these two BitTorrent sites, the Trojan also blocks access to SuprBay.org (TPB and SuprNova.org’s official forums ). It does this by adding a few lines to your Windows hosts file. If you somehow got infected by this Trojan, here is how you can edit the hosts file to restore access to the blocked sites.

hosts file trojan infected

1. Locate the directory of your hosts file.
By default, the hosts file on Windows Vista, XP, 2003 or Windows NT is located in the folder X:\Windows\system32\drivers\etc\ (where X is the drive letter to which Windows is installed to, usually C:\)
In Windows 98, the hosts file is located in the directory to which windows is installed to (usually C:\Windows)
Linux/Unix: /etc
Mac OS X: /private/etc/hosts

2. Once inside the directory, locate hosts file (it has no extension). Open it with a text editor such as notepad.

3. Now carefully search the contents of the hosts file for any of the following lines:

  • 127.0.0.1   www.mininova.org
  • 127.0.0.1   www.mininova.com
  • 127.0.0.1   www.thepiratebay.org
  • 127.0.0.1   www.suprbay.org
  • 127.0.0.1   mininova.org
  • 127.0.0.1   mininova.com
  • 127.0.0.1   thepiratebay.org
  • 127.0.0.1   suprbay.org

4. If any of the lines above are found, remove them from the hosts file. Once cleanup is complete, save the file.

You should now be able to access the blocked sites. Note that this Trojan also adds the comment “Fuck You” to the hosts file. It does not affect your browsing since it’s merely a comment. If you want, you can get rid of it by deleting the line # FUCK YOU.