Trojan.Flush.K

Trojan.Flush.K Description



Trojan.Flush.K is a particularly infamous browser hijacker that changes your computer’s DNS settings to redirect your browser to unwanted and potentially harmful sites. Although, at the time of this writing, all confirmed Trojan.Flush.K servers have been shut down, recent action by the ISC has also taken down their clean ‘substitute’ servers. This can result in Trojan.Flush.K-infected PCs suffering from a total loss of Internet connectivity until Trojan.Flush.K is removed. Even though this side effect is rather alarming, SpywareRemove.com malware researchers recommend that you keep calm and delete Trojan.Flush.K in the same way that you’d deal with any type of browser hijacker: by scanning your computer with an appropriate brand of anti-malware application. Doing this and restoring your original DNS settings will re-enable Internet access as normal.

Trojan.Flush.K – the Browser-Redirecting Trojan That’s Turned into an Inadvertent Internet Blockade


Trojan.Flush.K has been identified since 2007 by various names, including Trojan.dnschanger and similar PC threats like Trojan:BAT/Dnschanger.B, Trojan:Win32/Dnschanger.AI and several variants of Alueron. The trademark features of Trojan.Flush.K and its relatives are attacks against the infected PC’s Domain Name System or DNS settings. Since these settings control your computer’s ability to translate website addresses into actual destinations, these attacks have allowed Trojan.Flush.K to redirect its victims to any other type of website at its pleasure, including sites that host malicious content (such as phishing attacks and drive-by-download scripts).

SpywareRemove.com malware researchers note that similar attacks can still be functional for other Trojans, but also that all servers associated with Trojan.Flush.K have been shut down under a court order.
Download SpyHunter Spyware Scanner
While Trojan.Flush.K may not be able to cause browser redirects or otherwise harm your computer anymore, its DNS changes may still hinder your PC’s ability to access the Internet. Loss of Internet connectivity due to these circumstances can only be remedied by removing Trojan.Flush.K and undoing its DNS changes, which should be achievable with any good anti-malware application.

Flushing Trojan.Flush.K Down the Digital Toilet


If you’ve experienced a loss of Internet access since July 9th, your PC may be one of the hundreds of thousands that are still estimated to be infected with Trojan.Flush.K. Fortunately, detecting, containing and detecting Trojan.Flush.K infections are all considered relatively easy tasks with appropriate anti-malware products in-hand, and, by itself, SpywareRemove.com malware researchers rate Trojan.Flush.K as a low-level PC threat.

Like many browser hijackers, Trojan.Flush.K was designed to attack only Windows-based PCs, including the XP, 98, 95, 2K, Me and NT platforms. However, the basic DNS-changing attacks that Trojan.Flush.K uses can be exploited by many other types of browser hijackers, and SpywareRemove.com malware researchers also warn that contact with sites that Trojan.Flush.K promotes may result in infection by greater PC threats than Trojan.Flush.K. Due to its modifications to the Registry and other Windows components, removal of Trojan.Flush.K by manual methods is not recommended.

Trojan.Flush.K Automatic Detection Tool (Recommended)


Is your PC infected with Trojan.Flush.K? To safely & quickly detect Trojan.Flush.K, we highly recommend you run the malware scanner listed below.



Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
  • The following files were created in the system:
    # File Name Detection Count
    1 file.exe 665
    2 %UserProfile%\Local Settings\Temp\step1.exe N/A
    3 %UserProfile%\Local Settings\Temp\svchost.exe N/A
    4 %UserProfile%\Local Settings\Temp\step2.exe N/A
    5 %ProgramFiles%\DirectVideo\Uninstall.exe N/A
    6 %UserProfile%\Start Menu\Programs\DirectVideo\Uninstall.lnk N/A
    7 %System%\kd[3 RANDOM CHARACTERS].exe N/A

Registry Modifications

Tutorial: To edit and delete registry entries manually, read the tutorial on how to remove malicious registry entries.

Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to backup your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
  • The following newly produced Registry Values are:
    HKEY..\..\{Value}HKEY_ALL_USERS\Software\DirectVideo\"Default" = "%ProgramFiles%\DirectVideo"HKEY_ALL_USERS\Software\DirectVideo\"Start Menu Folder" = "DirectVideo"HKEY_LOCAL_MACHINE%\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"System" = "kd???.exe"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectVideo\"DisplayIcon" = "%ProgramFiles%\DirectVideo\Uninstall,0"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectVideo\"DisplayName" = "DirectVideo"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectVideo\"InstallLocation" = "%ProgramFiles%\DirectVideo"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectVideo\"NoModify" = "0x00000001"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectVideo\"NoRepair" = "0x00000001"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectVideo\"UninstallString" = "%ProgramFiles%\DirectVideo\Uninstall.exe"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\[RANDOM CLSID]\"DhcpNameServer" = "85.255.115.21,85.255.112.91"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\[RANDOM CLSID]\"DhcpNameServer" = "85.255.115.21,85.255.112.91"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\[RANDOM CLSID]\"NameServer" = "85.255.115.21,85.255.112.91"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\[RANDOM CLSID]\"NameServer" = "85.255.115.21,85.255.112.91"HKEY..\..\..\..{Subkeys}HKEY_ALL_USERS%\Software\DirectVideoHKEY_CLASSES_ROOT%\DirectVideoHKEY_CLASSES_ROOT%\DirectVideo\CLSIDHKEY_LOCAL_MACHINE%\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectVideo
  • The following CLSID's were detected:
    HKEY..\..\{CLSID Path} HKEY_CLASSES_ROOT\DirectVideo\CLSID\"Default" = "{6BF52A52-394A-11D3-B153-00C04F79FAA6}"
Posted: June 20, 2012 | By
Share:
Follow Me on Pinterest More More
Threat Level: 9/10
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading ... Loading ...
Rate this article:
Detection Count: 26
Home Malware ProgramsTrojans Trojan.Flush.K

Leave a Reply

What is 6 + 9 ?
Please leave these two fields as-is:
IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)