Troj/Krepper-Q is an adware Trojan which changes browser settings, downloads and installs/runs new software and modifies the HOSTS file to redirect internet searches.
Troj/Krepper-Q changes the Start Page and search settings for Microsoft
Internet Explorer by settings registry entries under:
HKLM\Software\Microsoft\Internet Explorer\
HKCU\Software\Microsoft\Internet Explorer\
HKCU\Software\Microsoft\Internet Explorer\Main\
HKCU\Software\Microsoft\Internet Explorer\Settings\
Troj/Krepper-Q modifies the HOSTS file, mapping the URLs of common search
engine sites to its own site, thus effecting redirection. Troj/Krepper-Q
modifies HOSTS files located at:
D:\WINNT\hosts
D:\WINNT\system32\drivers\etc\hosts
D:\WINDOWS\hosts
D:\WINDOWS\system32\drivers\etc\hosts
C:\WINNT\hosts
C:\WINNT\system32\drivers\etc\hosts
C:\WINDOWS\hosts
C:\WINDOWS\system32\drivers\etc\hosts
Troj/Krepper-Q periodically attempts to download executables from a remote
location to the Windows TEMP or system folders and then runs them.
Troj/Krepper-Q may also create Internet Shortcuts in the Desktop and Favorites
folders.