I have seen several today as well with DAT 6874. Not seeing anything out of the ordinary and no internet activity at that time.
Seeing same here. Following this post to see what the outcome is.
Yes we saw it across a number of machines as well. No real understanding of what might be common between the systems where the detections occurred. As with others I'll be watching this to see what develops.
1 of 1 people found this helpful
I've seen a couple today, including my pc, with VSE patch1, DAT 6874.
The QHosts.c detections are coming from C:\WINDOWS\system32\drivers\etc\host.
Anyone running spybot 1.6.2 on the same pc as mcafee? In my case,
it appears that mcafee isn't liking the host file after spybot appends its blacklist.
If I try to manually update spybot and immunize the global host file, mcafee will
quarantine it as a QHosts.c detection every time.
Seeing the same on a number of my systems with DAT 6874. Running VSE 8.7 though.
My friend has been having it pop up as well, however the source for hers is...
She checked, it was modified recently, and it continues to pop up in spams, and then is calm for a long time, and then pops up in waves again. (Mainly this happens while she's using Malware Bytes/SuperAntiSpyware/Spybot Search and Destroy/Stinger)
Her message is this...
It just started popping up about 2-3 hours again. Did she actually get a virus/trojan or is it just a false report that McAfee is constantly catching and "Fixing"?
We are also seeing what looks like false positives with the 6874 DAT on some old VSE 8.7 machines, but we have no access to the endpoints to check.
At least 1 was on a mothballed server thats been out of use for 2 years though.
So the issue my friend is having, and these other gentlemen above are having is more than likely a false positive that may be fixed in the next update, or will have a user-fix soon?
I have opened a service request to get some confirmation on this. No news until now.