The trojan, identified as Trojan.Qhost.WU, modifies the "hosts" file, a local storage for domain name / IP address mappings. The file is consulted before domain name servers and is considered authoritative

Further on, the malware creates an entry redirecting pagead2.googlesyndication.com to a rogue server, so that the infected PC will show withing the browser ads from third parties instead of showing the ads served by Google.

"This is a serious situation that damages users and webmasters alike," said Attila-Mihaly Balazs, a BitDefender virus analyst. “Users are affected because the advertisements and/or the linked sites may contain malicious code, which is a very likely situation, given that they are promoted using malware in the first place. Webmasters are affected because the trojan takes away viewers and thus a possible money source from their websites.”

PC users can check whether they’re infected or not by issuing the following command (from the command line or from Start -> Run): “ping -t pagead2.googlesyndication.com”. The command should return the following response: “Pinging pagead.l.google.com [6x.xxx.xxx.xxx] with 32 bytes of data”.

If the first digit is a 6, then rest assured, you are not infected. However, should the first shown digit be a 9, you can start looking for a good antivirus program.

Infected users that want to restore their hosts file are advised remove the line from it containing "pagead2.googlesyndication.com".