Serial.com 2 Posted March 12, 2020 Share Posted March 12, 2020 Hello Eset Team Eset for Linux detected the modified host as a virus, which, in my opinion, is a false positive. He reports having cleaned up a virus variant called (a clean Trojan Win32 / Qhost variant ", but has not removed any lines from the modified host. Its removal is in my view" false or failed "because the messages return saying they have been removed again , as follows: 12/03/2020 08:34:35 Preload the access protection file / etc / hosts a variant of the Win32 / Qhost Trojan clean root event The event occurred in a new file created by the application: / usr / bin / bash (045745515B9E902E13227606B9C0C954AC31BC34). 12/03/2020 08:34:35 Preload the access protection file / etc / hosts a variant of the clean root of the Win32 / Qhost Trojan root The event occurred in a new file created by the application: / usr / bin / cat (46A5FE86C55A3854E49FAE85B8E1C7EF3843B5A8). 03/11/2020 00:56:59 Preload the access protection file / etc / hosts a variant of the Win32 / Qhost Trojan clean root event The event occurred in a new file created by the application: / usr / bin / bash (045745515B9E902E13227606B9C0C954AC31BC34). 03/11/2020 00:56:59 Preload the access protection file / etc / hosts a variant of the Win32 / Qhost Trojan clean root event The event occurred in a new file created by the application: / usr / bin / cat (46A5FE86C55A3854E49FAE85B8E1C7EF3843B5A8). 3/10/2020 4:34:23 On-demand scanner file / etc / hosts a variant of the Win32 / Qhost Trojan clean 3/10/2020 4:34:23 On-demand scanner file / etc / hosts a variant of the Win32 / Qhost Trojan clean This modified host can be found on the GitHub website: https://github.com/hectorm/hblock and is used by thousands of Linux users, better known as hblock and is found on the website's AUR: https://aur.archlinux.org/packages/hblock # Author: Héctor Molinero Fernández <hector@molinero.dev> # Repository: https://github.com/hectorm/hblock # Last updated: Thu Mar 12 11:34:32 UTC 2020 # Blocked domains: 235819 Attached, the host, bash and cat file is sent for analysis by AV LINUX Eset, but I have been without response for several days. If through the ESET Forum you can help me on this issue, I am grateful. I thank you for your attention Serial.com Link to comment Share on other sites More sharing options...
Recommended Posts