Support confirms false positive:
"If the customer was using or has used Spybot search and destroy or other anti-malware tools that added entries within the hosts file it was detected incorrectly with the 6874 dat. This has already been fixed and should not occur in the next dat onwards."
Apologies for any inconvenience caused by this detection in the 6874 DAT release.
Just to note that I saw the issue on a number of 8.8 installs, so I think the version really has little to do with it, and that it's the FP in the DAT combined with other factors.
I can confirm this occurring on 8.8 P2 installations where Spybot S&D is also installed.
It does seem to be only installations with the 6874 DAT installed; other machines with 6873 and under do not seem to be affected.
Same problem for us on a few computers running version 8.5 or 8.7i of VirusScan Enterprise running the 6874 DAT file.
The file is detected in C:\windows\system32\drivers\etc\hosts.
For one PC, the file UNS.exe from Intel Management Engine was detected as Generic QHosts.c.
Installing VirusScan Enterprise 8.8 has corrected this problem on all PCs.
I am following this post to see what the outcome is.
I have seen this since today on a couple of machines with VSE 8.7 P5. In our case it seems to be related to Spybot's modified hosts file also.
Maybe this is a false positive due to this signature change: http://www.mcafee.com/threat-intelligence/malware/default.aspx?id=1553211
Message was edited by: nbaumann on 10/24/12 11:10:31 AM CEST
The DAT 6875 just got released before lunch CDT. Have forced our ePO server to install and deploy to all our managed systems. Since deploying the DAT, I have not seen any more of the Qhosts alerts.