Need assistance regarding last scan. TrojWare.Win32.Qhost

This is the report from my last scan


TrojWare.Win32.Qhost.~14S9@116242354 0.0.0.0


I’ve tried googling it with no luck, I did qurantine it, But would like to
know what virus it is.
My windows was formatted 3 days ago, so getting a file so soon worry’s me.

P.s.
I apoligise for the lack of english

If you release it from the quarantine you can upload it to virustotal and CIMA. Then post a link to the results. After this you can quarantine it again.

This should show whether it could be a false positive and give more information about what type of malware it could be, if it’s not a false positive.

Hi and thanks for the reply.
Hmm yeah…, find the file you say.
It’s location is 0.0.0.0
So i’ve attached a picture for you.

The top one in the picture is my current file i’m asking about.
The strangest thing though, the other files comodo
found came from MSI.com and vere just regular driver files,
but some how comodo found them suspicous ;D
but they are not worying me :wink:

if you need more info dont hessitate to ask.

[attachment deleted by admin]

any new development regarding this isue?

I’d leave that one quarantined. It is not detected with heuristics and I don’t know what a location of 0.0.0.0 means.

The other ones you can check though.

allright thanks for that, altough I have no idea why I said it was heuristic. :-/

could it make any difference if my PC connects to a local server (clear OS)?
regarding the 0.0.0.0 location, the server takes care of IP distribution. (among other things)

Maybe this could help (Hopefully) or at least narrow the problem a little bit

http://support.microsoft.com/kb/822123

You have been playing with your Hosts File, possibly using a program to convert 127.0.0.1 into 0.0.0.0 to speed up your browsing experience, the only thing you should really worry about is the authenticity of the program you used or whether or not you have actually been playing with your Hosts file
This possible false positive, comes from using HostsMan for me in particular when changing the 127.0.0.1 into 0.0.0.0 for all entries, but is most likely not limited to HostsMan.
I suggest going here

it has instructions on all aspects of Hosts file.
and some stuff that will help security.

WinPatrol DOES NOT LOCK the Hosts file anymore just to clarify.You will still want to lock the hosts file, if anyone has a solution let me know.

This topic is 2 months old

Since the original topic starter hasn’t responded back, I’ll ASSume eveything is fine.

This topic is LOCKED

If the orginal topic starter has the problem reoccuring again or a new one, please start a new topic

Thanks :slight_smile: