The trojan, identified as Trojan.Qhost.WU, modifies the "hosts" file, a local storage for domain name / IP address mappings. The file is consulted before domain name servers and is considered authoritative

Further on, the malware creates an entry redirecting to a rogue server, so that the infected PC will show withing the browser ads from third parties instead of showing the ads served by Google.

"This is a serious situation that damages users and webmasters alike," said Attila-Mihaly Balazs, a BitDefender virus analyst. “Users are affected because the advertisements and/or the linked sites may contain malicious code, which is a very likely situation, given that they are promoted using malware in the first place. Webmasters are affected because the trojan takes away viewers and thus a possible money source from their websites.”

PC users can check whether they’re infected or not by issuing the following command (from the command line or from Start -> Run): “ping -t”. The command should return the following response: “Pinging [] with 32 bytes of data”.

If the first digit is a 6, then rest assured, you are not infected. However, should the first shown digit be a 9, you can start looking for a good antivirus program.

Infected users that want to restore their hosts file are advised remove the line from it containing "".