Spyware doctor found 6 infections of Trojan.Qhosts?

Just recently scanned and it said I got a Trojan.Qhost from 6 different websites that I’ve never been to. I scanned just a couple of days ago and didn’t get this. What do these trojans do, how did I get them all of a sudden, and from websites I didn’t even visit?

Without information, no one can hazard a guess.

Post the Spyware Doctor log file for the scan.

Don’t know how to open a log…but below host entry it says:
127.0.0.1, dl1.vir usprotectpro.com
127.0.0.1, ww w.error safe.com
127.0.0.1, www.m ei zi7472831.com
127.0.0.1, ww w.my d ailya ap28.com
127.0.0.1, mydailyaap28 .com
127.0.0.1, vir usprotectpro.com

All dangerous websites that I’ve never visited…

Just scanned with a squared and it says I’ve got a Trojan.Crypt!IK…Have no idea where all these trojans are coming from…Would defragging my hard drive remove all these viruses?

The hosts file is normally used to block bad sites and it does that by redirecting away from a bad site. It is also used by malware to try and block access to security sites to prevent you getting help to remove malware. In this case it appears to be trying to redirect your local system 127.0.0.1 to these malicious sites.

So the trojan Q Host is just something that has modified your HOSTS file. It is trying to redirect you to these sites.

Did you allow spyware doctor to take care of these ?

a-squared is no stranger to false positives either, again when posting give information or we are just speculating, file name and location ?

If you haven’t already got this software (freeware), download, install, update and run it and report the findings (it should product a log file).

Don’t worry about reported tracking cookies they are a minor issue and not one of security, allow SAS to deal with them though. - See http://en.wikipedia.org/wiki/HTTP_cookie.

It didn’t say their location, and I’m using the free version of spyware doctor, meaning that it won’t actually remove the viruses. I already have malwarebytes and superantispyware, though both never really help. Malwarebytes never gets anything, and superantispyware never gets anything that a squared or spyware doctor can’t…

Well a free tool that won’t actually remove anything is pretty much useless. The location I said it was in your HOSTS file which has been modified.

Sorry but a-squared IMHO has a high number of false positives and isn’t as good as MBAM or SAS when used in conjunction with avast as back-up on-demand scanners. However that shouldn’t stop a-squared from telling you what the detection was on, without information we are working blind.

I was more concerned with all the trojans that spyware doctor detected…seriously doubt that they’re false positives. But if I did defrag my hard drive, will it get rid of all the viruses on my computer, including the ones in my above posts?

There are no trojans, just a modified hosts file.

A defrag will do nothing to rectify any malware problem as that isn’t its purpose. Only cleaning your hosts file will remove the entries.

Spyware doctor found 4 infections of Trojan.Qhosts but was not able to clean them. Message was something like…not able to clean all infections." "Any idea what to do next?

HostsXpert and HostsMan are great hosts file managers and should help you make a new one.

Hi bms,

Good advice is given by Jtaylor83 and furthermore I added this additional info on the trojan malcode:

Trojan.Qhosts is a trojan that modifies your network settings to point to a different DNS Server, like
[http://]116.37.147.205/hit[REMOVED]

Technical description: http://www.symantec.com/security_response/writeup.jsp?docid=2009-031715-4439-99&tabid=2

Removal instructions:

  1. Disable System Restore (Windows Me/XP).
  2. Remove all the entries that the risk added to the hosts file.
  3. Update your virus definitions.
  4. Run a full system scan.
  5. Delete any values added to the registry

polonus

I just ran my spyware doctor and ran into the same Trojan and it does not seem to remove it. Any advice on how to remove this would be greatly appreciated. I am running the newest version of spyware doctor on Windows XP. these are the four that show up in my full scan.

127.0.0.1, dl1.virusprotectpro.com
127.0.0.1, www.errorsafe.com
127.0.0.1, meizi7472831.com
127.0.0.1, vir usprotectpro.com

Download OTL by OldTimer to your Desktop

  • Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:

netsvcs
%SYSTEMDRIVE%*.*
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
c:\windows\system32*.dll /lockedfiles
c:\windows\system32\drivers*.sys /lockedfiles
%systemroot%*. /mp /s
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Attach your OTL and Extras log in your next post or upload them to Mediafire.

files attached as requested thanks :slight_smile:

Let’s try to make your hosts file writable

Download HostsXpert 3.7 from the link in my recent post.

  • Unzip and Extract HostsXpert 3.7 - Hosts File Manager to a convenient folder such as C:\HostsXpert
  • Click HostsXpert.exe to Run HostsXpert 3.7 - Hosts File Manager from its new home
  • Click “Make Hosts Writable?” in the upper right corner (If available).
  • Click Restore Microsoft’s Hosts file and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

followed all of your instructions so far, now we just need to get this Trojan removed. It is still showing up in my scan and not being able to be removed.

Please Download ComboFix by sUBs from here or here onto your desktop as a different filename.

  • Close all open Windows including this one.
  • double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  • For the Disclaimer, click Yes to agree.
  • It will tell you the Windows Recovery Console is not installed, click Yes to install the Windows Recovery Console.
  • When Combofix is finished, a log called combofix.txt will appear. Please attach the log in your next post.

Hi,I am new to your forum. I am running free version of AVAST 5.0.594 and while it is not indicating any problems itself. I have
found 2 occurrences of 2 Trojans and 1 spyware within a week of updating avast. ADAWARE 8.0.9 has found and
removed trojanQhost malware, tr.\Magania spyware and tr..\xyagent malware. Is there any reason that your file definitions
are not guarding against these? Thanks, Larry