How to remove Rating.exe Trojan that spreads itself via social networks

We have become aware of the fact that right now many popular social networks are being attacked with new phishing Trojan called Rating.exe. Upon successful download and installation it redirects all social networks via HOSTs file to certain malicious IP address which subsequently is engaged in phishing activities. The mechanism of its activity is as follows. Suddenly the user, while surfing the account of certain social network, faces the link for download of the file called Rating.exe. The offer says that by downloading it users may increase the rating of their own page in this social network. However, this is just the bunch of lies and is far away from reality. By downloading Rating.exe users make their PC and personal information vulnerable and exposed to cyber criminals and frauds that want to gather more and more information about you as their potential victim. When users agree to install Rating.exe Trojan this makes their system exposed to more severe malwares subsequently.

The mechanism of activity of this Trojan is as follows. First, upon launching, the above-mentioned Trojan modifies the important system file %system%\drivers\etc\hosts Afterwards all inquiries from social network sites will be rerouted to some malicious IP address. Then the Trojan installs the attributes «hidden» and «read only» for the modified file, afterwards, for misleading the user, it creates another file with the name: %system%\drivers\etc\hOsts (with some random letter instead of “o”) This file contains the following lines:

Leave a comment

*