VSE 8.8 Generic QHosts.c detections

I am seeing a few reports of this malware coming into ePO and talked to one of the support techs. On one of the systems it was connected to the network but did not have a browser window open or connected to anything such as an external drive. The user received the pop up while working on data that they typically work on day to day and contacted support.

According to the logs it shows that the infection was cleaned from the hosts file but the hosts file has a last modification date of 3 years ago.

VSE 8.8.0.849.Wrk

DAT 6874

Detected via OAS

False positive being reported? Anyone else experiencing the same?

Thanks.

1 Solution

Accepted Solutions
Message 12 of 19

Re: VSE 8.8 Generic QHosts.c detections

Support confirm false positive:

"If the customer was using or has used Spybot search and destroy or other anti-malware tools that added entries within the hosts file it was detected incorrectly with the 6874 dat. This has already been fixed and should not occur in the next dat onwards."

Apologies for any inconvenience caused by this detection in the 6874 DAT release.

18 Replies
Message 2 of 19

Re: VSE 8.8 Generic QHosts.c detections

I have seen several today as well with DAT 6874. Not seeing anything out of the ordinary and no internet activity at that time.

Message 3 of 19

Re: VSE 8.8 Generic QHosts.c detections

Seeing same here. Following this post to see what the outcome is.

Message 4 of 19

Re: VSE 8.8 Generic QHosts.c detections

Yes we saw it across a number of machines as well.  No real understanding of what might be common between the systems where the detections occurred.  As with others I'll be watching this to see what develops.

Message 5 of 19

Re: VSE 8.8 Generic QHosts.c detections

I've seen a couple today, including my pc, with VSE patch1, DAT 6874.

The QHosts.c detections are coming from C:\WINDOWS\system32\drivers\etc\host.

Anyone running spybot 1.6.2 on the same pc as mcafee? In my case, it appears that mcafee isn't liking the host file after spybot appends its blacklist. If I try to manually update spybot and immunize the global host file, mcafee will quarantine it as a QHosts.c detection every time.
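
A triage check for the situation discussed in this thread, added here as an example; it is not McAfee's detection logic and not code posted by anyone in the thread. It assumes that blocklist entries appended by anti-malware tools point hostnames at loopback or `0.0.0.0`, so any entry mapping a name to another address is what deserves a manual look. The sample hosts content and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: stock entries, blocklist-style sinkhole entries, one
# entry mapping a name to a routable (documentation-range) address, and one
# malformed line.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# Start of entries inserted by an anti-malware tool (constructed)
127.0.0.1       ads.example.net
127.0.0.1       www.ads.example.net  tracker.example.org
0.0.0.0         telemetry.example.com
203.0.113.25    update.example.com   # constructed redirect
not-an-ip       broken.example.com
"""

def classify_hosts(text):
    """Sort hosts-file entries into sinkholed, redirected and malformed."""
    report = {"sinkhole": [], "redirect": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append((lineno, raw.strip()))
            continue
        if len(fields) < 2:                       # address with no hostname
            report["malformed"].append((lineno, raw.strip()))
            continue
        # Loopback/unspecified targets only block a name; any other target
        # sends traffic for that name to a different machine.
        blocked = addr.is_loopback or addr.is_unspecified
        for name in (f.lower() for f in fields[1:]):
            if blocked and name == "localhost":   # stock entry, not of interest
                continue
            kind = "sinkhole" if blocked else "redirect"
            report[kind].append((lineno, name, str(addr)))
    return report

def needs_review(report):
    """True when something other than blocklist-style entries is present."""
    return bool(report["redirect"] or report["malformed"])

if __name__ == "__main__":
    result = classify_hosts(SAMPLE_HOSTS)
    print(len(result["sinkhole"]), "sinkholed names")
    for entry in result["redirect"] + result["malformed"]:
        print("review:", entry)
```

Entries reported under `redirect` are not necessarily malicious (internal name overrides land there too); compare them against what the organization deliberately deploys.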

Message 6 of 19

Re: VSE 8.8 Generic QHosts.c detections

Seeing the same on a number of my systems with DAT 6874. Running VSE 8.7 though.

Re: VSE 8.8 Generic QHosts.c detections

My friend has been having it pop up as well, however the source for hers is...

C:\\WINDOWS\SYSTEM32\Drivers\etc\hosts.20101130-164513.backup

She checked, it was modified recently, and it continues to pop up in spams, and then is calm for a long time, and then pops up in waves again. (Mainly this happens while she's using Malware Bytes/SuperAntiSpyware/Spybot Search and Destroy/Stinger)

Her message is this...

Win32/Rootkit.Qhost.C

It just started popping up about 2-3 hours ago. Did she actually get a virus/trojan or is it just a false report that McAfee is constantly catching and "Fixing"?

Message was edited by: whippoorwillheretic on 10/24/12 1:19:49 AM CDT
Message 8 of 19

Re: VSE 8.8 Generic QHosts.c detections

We are also seeing what looks like false positives with the 6874 DAT on some old VSE 8.7 machines, but we have no access to the endpoints to check.

At least 1 was on a mothballed server that's been out of use for 2 years though.

Re: VSE 8.8 Generic QHosts.c detections

So the issue my friend is having, and these other gentlemen above are having is more than likely a false positive that may be fixed in the next update, or will have a user-fix soon?

Message 10 of 19

Re: VSE 8.8 Generic QHosts.c detections

I have opened a service request to get some confirmation on this. No news until now.
