Hosts file trojan detected


rhodes

Hello, good night.

First of all, I am new to the forum; I registered to ask for advice and help about an issue.

My anti-virus, NOD32 6 version 6.0.316.1, detected a trojan in the hosts file.

The log entry is below:

22-05-2014 22:50:24    Proteção em tempo real do sistema de arquivos    arquivo    C:\Windows\System32\drivers\etc\hosts    Win32/Qhost cavalo de Tróia    limpo por exclusão - em quarentena    Rodrigo-PC\Rodrigo    Ocorreu um evento em um arquivo modificado pelo aplicativo: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe.

 

Could this be a false positive or not?

I was on the internet, but on my normal sites that I go to, and never had any problem.

I also have Spybot - Search & Destroy, and it is when I try to run the "Immunize" option that the AV pop-up warning comes up, warning that the file C:\Windows\System32\drivers\etc\hosts is a Win32/Qhost trojan.

Thank you, regards

Rodrigo Pinto


Hello, just a little update. Last night I decided to update NOD32 to the new version. Before that, I ran an MS Fix It program to fix the Hosts file. After that and a reboot, I updated the AV. After the reboot, I scanned the file in question and the adjacent folders. It came up fine, no detection.

After that, I ran Spybot and the "Immunize" option, which completed without the AV detecting the Hosts file as a trojan. I went to 2 or 3 web sites and had no warning sign. I also scanned the PC with the AV and found nothing.

I also ran ESET SysInspector. It rated the hosts file as critical (in red). After clicking on the file, the window showed several web site addresses, one in red and the others all orange. I think that Spybot adds these addresses to protect the browsers, for pop-up or malware detection and stopping, but I could be wrong.

So, may this be a false positive or, in the worst case scenario, do I have a trojan on my PC?

Thank you, regards

Rodrigo Pinto
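
An added example, not part of the original posts and not ESET's or Spybot's code: a hosts-file triage that separates entries pointing at loopback or 0.0.0.0 (the form blocklist tools typically write) from entries that send a hostname to some other address, which are the ones to review by hand. The sample file contents and the category names are constructed for illustration.

```python
import ipaddress

# Constructed sample, not the poster's file: default entries, two
# blocklist-style entries, one redirect to a routable address, one bad line.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.tracker.example      # sinkholed by a blocklist tool
0.0.0.0         popups.example
203.0.113.45    login.bank.example www.bank.example
not-an-ip       broken.example
"""

def classify_hosts(text):
    """Sort hosts-file entries into default, sinkhole, redirect and malformed."""
    report = {"default": [], "sinkhole": [], "redirect": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append((lineno, raw.strip()))
            continue
        if len(fields) < 2:                      # address with no hostname
            report["malformed"].append((lineno, raw.strip()))
            continue
        for name in (n.lower() for n in fields[1:]):
            if addr.is_loopback or addr.is_unspecified:
                # Name resolves to this machine or nowhere: blocking, not redirecting.
                kind = "default" if name == "localhost" else "sinkhole"
            else:
                # Name is sent to another host. Legitimate intranet entries land
                # here too, so this is a review list, not a verdict.
                kind = "redirect"
            report[kind].append((lineno, str(addr), name))
    return report

if __name__ == "__main__":
    result = classify_hosts(SAMPLE_HOSTS)
    for kind in ("redirect", "malformed", "sinkhole", "default"):
        print(f"{kind}: {len(result[kind])}")
        for entry in result[kind]:
            print("   ", entry)
```

To check a real machine, pass the contents of C:\Windows\System32\drivers\etc\hosts to `classify_hosts` instead of the sample string.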
