Jump to content

False Positive with latest definitions?????


Recommended Posts

Getting TONS of the same error in the past 10 minutes from machines around the building:

 

5/22/2014 15:57:02 PM - Module Startup scanner - Threat Alert triggered on computer W7LAP02310:  C:\Windows\System32\drivers\etc\hosts contains Win32/Qhost trojan.

 

Seems as it happens as they update to the latest definitions.

 

Anyone else seeing this?

Link to comment
Share on other sites

For others, it is quarantining the hosts file because of the Spybot Immunization entries that are inserted there....

 

You would think an "Enterprise" product wouldn't run into problems like this.

 

Perhaps it is time to evaluate something else.

Link to comment
Share on other sites

  • Administrators

For others, it is quarantining the hosts file because of the Spybot Immunization entries that are inserted there....

 

If malware was seen to use the same hosts entries, no wonder that a detection was added. Please supply me with a download link to your hosts file so that I can check it out.

Link to comment
Share on other sites

Hi PhilMabee,

 

There appears to have been an issue with Virus Signature Database version 9836 detecting hosts files modified by Spybot as infected with Win32/Qhost. This was corrected on Virus Signature Database version 9837.

 

Thank you,

ChadH

Link to comment
Share on other sites

  • Administrators

Well, the hosts entry detected by ESET was added by Virut so the detection was ok. It was not a false positive but a clash of 2 security applications installed at a time which is not recommended. When both applications trigger a detection, it can have unpredictable consequences.

Link to comment
Share on other sites

You should disable SpyBot Immunization and leave it that way as there appears to be a conflict with your ESET software.

 

Restore your Hosts file to defaults. If you choose to use a custom Hosts file, use MVPS Hosts and don't add custom entries as these can lead to false positives.

 

 

 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...