Jump to content

False Positive with latest definitions?????


Recommended Posts

Getting TONS of the same error in the past 10 minutes from machines around the building:

 

5/22/2014 15:57:02 PM - Module Startup scanner - Threat Alert triggered on computer W7LAP02310:  C:\Windows\System32\drivers\etc\hosts contains Win32/Qhost trojan.

 

Seems as it happens as they update to the latest definitions.

 

Anyone else seeing this?

Link to post
Share on other sites

For others, it is quarantining the hosts file because of the Spybot Immunization entries that are inserted there....

 

You would think an "Enterprise" product wouldn't run into problems like this.

 

Perhaps it is time to evaluate something else.

Link to post
Share on other sites
  • Administrators

For others, it is quarantining the hosts file because of the Spybot Immunization entries that are inserted there....

 

If malware was seen to use the same hosts entries, no wonder that a detection was added. Please supply me with a download link to your hosts file so that I can check it out.

Link to post
Share on other sites

Hi PhilMabee,

 

There appears to have been an issue with Virus Signature Database version 9836 detecting hosts files modified by Spybot as infected with Win32/Qhost. This was corrected on Virus Signature Database version 9837.

 

Thank you,

ChadH

Link to post
Share on other sites
  • Administrators

Well, the hosts entry detected by ESET was added by Virut so the detection was ok. It was not a false positive but a clash of 2 security applications installed at a time which is not recommended. When both applications trigger a detection, it can have unpredictable consequences.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...