PhilMabee 0 Posted May 22, 2014 Share Posted May 22, 2014 Getting TONS of the same error in the past 10 minutes from machines around the building: 5/22/2014 15:57:02 PM - Module Startup scanner - Threat Alert triggered on computer W7LAP02310: C:\Windows\System32\drivers\etc\hosts contains Win32/Qhost trojan. Seems as it happens as they update to the latest definitions. Anyone else seeing this? Link to comment Share on other sites More sharing options...
PhilMabee 0 Posted May 22, 2014 Author Share Posted May 22, 2014 For others, it is quarantining the hosts file because of the Spybot Immunization entries that are inserted there.... You would think an "Enterprise" product wouldn't run into problems like this. Perhaps it is time to evaluate something else. Link to comment Share on other sites More sharing options...
Arakasi 549 Posted May 22, 2014 Share Posted May 22, 2014 ESET has the lowest false positives out of all other vendors. If you have ESET installed, you dont need anything to do with spybot. Restore your origional host or download a better host that doesnt have a problem with ESET. Try mvps :hxxp://winhelp2002.mvps.org/hosts.htm Link to comment Share on other sites More sharing options...
Administrators Marcos 4,703 Posted May 22, 2014 Administrators Share Posted May 22, 2014 For others, it is quarantining the hosts file because of the Spybot Immunization entries that are inserted there.... If malware was seen to use the same hosts entries, no wonder that a detection was added. Please supply me with a download link to your hosts file so that I can check it out. Link to comment Share on other sites More sharing options...
Chadh 45 Posted May 22, 2014 Share Posted May 22, 2014 Hi PhilMabee, There appears to have been an issue with Virus Signature Database version 9836 detecting hosts files modified by Spybot as infected with Win32/Qhost. This was corrected on Virus Signature Database version 9837. Thank you, ChadH Link to comment Share on other sites More sharing options...
Arakasi 549 Posted May 23, 2014 Share Posted May 23, 2014 Thanks for the update Chad !! Link to comment Share on other sites More sharing options...
PhilMabee 0 Posted May 23, 2014 Author Share Posted May 23, 2014 Restored all of my hosts files through the console. Thanks Link to comment Share on other sites More sharing options...
Administrators Marcos 4,703 Posted May 23, 2014 Administrators Share Posted May 23, 2014 Well, the hosts entry detected by ESET was added by Virut so the detection was ok. It was not a false positive but a clash of 2 security applications installed at a time which is not recommended. When both applications trigger a detection, it can have unpredictable consequences. Link to comment Share on other sites More sharing options...
siljaline 57 Posted May 24, 2014 Share Posted May 24, 2014 You should disable SpyBot Immunization and leave it that way as there appears to be a conflict with your ESET software. Restore your Hosts file to defaults. If you choose to use a custom Hosts file, use MVPS Hosts and don't add custom entries as these can lead to false positives. Link to comment Share on other sites More sharing options...
Recommended Posts