
Possible false Positive Qhost



Hello Eset Team

Eset for Linux detected the modified host as a virus, which, in my opinion, is a false positive.

It reports having cleaned a virus variant called "a variant of the Win32/Qhost Trojan", but it has not removed any lines from the modified host. Its removal is, in my view, "false or failed", because the messages saying it has been removed keep returning, as follows:

12/03/2020 08:34:35 Preload the access protection file /etc/hosts a variant of the Win32/Qhost Trojan clean root event The event occurred in a new file created by the application: /usr/bin/bash (045745515B9E902E13227606B9C0C954AC31BC34).
12/03/2020 08:34:35 Preload the access protection file /etc/hosts a variant of the clean root of the Win32/Qhost Trojan root The event occurred in a new file created by the application: /usr/bin/cat (46A5FE86C55A3854E49FAE85B8E1C7EF3843B5A8).
03/11/2020 00:56:59 Preload the access protection file /etc/hosts a variant of the Win32/Qhost Trojan clean root event The event occurred in a new file created by the application: /usr/bin/bash (045745515B9E902E13227606B9C0C954AC31BC34).
03/11/2020 00:56:59 Preload the access protection file /etc/hosts a variant of the Win32/Qhost Trojan clean root event The event occurred in a new file created by the application: /usr/bin/cat (46A5FE86C55A3854E49FAE85B8E1C7EF3843B5A8).
3/10/2020 4:34:23 On-demand scanner file /etc/hosts a variant of the Win32/Qhost Trojan clean
3/10/2020 4:34:23 On-demand scanner file /etc/hosts a variant of the Win32/Qhost Trojan clean


This modified host can be found on the GitHub website:
https://github.com/hectorm/hblock. It is better known as hblock, is used by thousands of Linux users, and is also found in the AUR: https://aur.archlinux.org/packages/hblock

# Author: Héctor Molinero Fernández <hector@molinero.dev>
# Repository: https://github.com/hectorm/hblock
# Last updated: Thu Mar 12 11:34:32 UTC 2020
# Blocked domains: 235819

Attached, the host, bash and cat files were sent for analysis to ESET AV for Linux, but I have been without a response for several days.

If through the ESET Forum you can help me on this issue, I am grateful.

I thank you for your attention

Serial.com
