Serial.com

Possible false Positive Qhost


Hello Eset Team

Eset for Linux detected the modified host as a virus, which, in my opinion, is a false positive.

It reports having cleaned a virus variant called "a variant of Win32/Qhost Trojan, cleaned", but it has not removed any lines from the modified host. Its removal is, in my view, "false or failed", because the messages saying it has been removed keep returning, as follows:

12/03/2020 08:34:35 Preload the access protection file /etc/hosts a variant of the Win32/Qhost Trojan clean root event The event occurred in a new file created by the application: /usr/bin/bash (045745515B9E902E13227606B9C0C954AC31BC34).
12/03/2020 08:34:35 Preload the access protection file /etc/hosts a variant of the clean root of the Win32/Qhost Trojan root The event occurred in a new file created by the application: /usr/bin/cat (46A5FE86C55A3854E49FAE85B8E1C7EF3843B5A8).
03/11/2020 00:56:59 Preload the access protection file /etc/hosts a variant of the Win32/Qhost Trojan clean root event The event occurred in a new file created by the application: /usr/bin/bash (045745515B9E902E13227606B9C0C954AC31BC34).
03/11/2020 00:56:59 Preload the access protection file /etc/hosts a variant of the Win32/Qhost Trojan clean root event The event occurred in a new file created by the application: /usr/bin/cat (46A5FE86C55A3854E49FAE85B8E1C7EF3843B5A8).
3/10/2020 4:34:23 On-demand scanner file /etc/hosts a variant of the Win32/Qhost Trojan clean
3/10/2020 4:34:23 On-demand scanner file /etc/hosts a variant of the Win32/Qhost Trojan clean


This modified host can be found on GitHub: https://github.com/hectorm/hblock. It is better known as hblock, is used by thousands of Linux users, and is also found in the AUR: https://aur.archlinux.org/packages/hblock

# Author: Héctor Molinero Fernández <hector@molinero.dev>
# Repository: https://github.com/hectorm/hblock
# Last updated: Thu Mar 12 11:34:32 UTC 2020
# Blocked domains: 235819

Attached are the host, bash and cat files, sent for analysis by AV LINUX Eset, but I have been without a response for several days.

If you can help me with this issue through the ESET Forum, I would be grateful.

I thank you for your attention

Serial.com
