Uber weird Boot scan detects Trojan in Google History file?

Hi,

Did a boot scan and it detected a supposed Trojan ( B(space)V: Q(space)HHost(hyphen)S) Trj in my google chrome user data history file for the month ( 2013-03). [ Please remove the space and hyphen]

I tried googling the name of the trojan mentioned above but found only a couple of English results, none of which were too helpful. Surprisingly, there were a large number of Russian sites with this issue, but I didn’t go there for fear of infecting my comp further.

Moving to chest didn’t work, neither did repair. Got a mix of 42060, c x0something error and a bad image which left me with no option but to choose the ignore option while doing the boot scan. Didn’t opt for the delete option.

The infected file in question ( my chrome user data history file) doesn’t exist on my pc, which is what Avast was telling me when it tried to clean the file. I only have a history-journal file for the month ( 2013-03)

Is this a false positive? Can someone please tell me what the trojan that I’ve mentioned does?

Any help will be appreciated.

Thanks 🙂

42060 AVAST_REPAIR_NOTREPAIRED [File was not repaired]
Trojans and worms can't be repaired, so move to chest or delete.

http://www.symantec.com/security_response/writeup.jsp?docid=2003-100116-5901-99

Trojan.Qhosts is a Trojan Horse that will modify the TCP/IP settings to point to a different DNS server.

Trojan.Qhosts cannot spread by itself. The user must open an HTML page that contains malicious code, which allows the Trojan to open a viral HTML file on the target computer so that the script can create and run the malicious executable.

Hi Pondus,

Thanks for your reply.

But as mentioned above, it didn’t allow me to either repair or move to chest.

Plus you referred to qhosts, mine had an extra h ( it is qhhosts)

Also, I mentioned that it picked up my chrome history file as the one containing the trojan. That file was not found by me manually either after the boot scan finished. I only had a history-journal file for the month not the main history index file it was referring to.

However, after I started Chrome (between the time of posting these two messages), both the history-journal file and the history file which it referred to appeared. Did a quick scan on that history file with Avast as well as VirusTotal. Gave me nothing. Did MBAM and Eset as well - nothing there either.

Regards 🙂

Plus you referred to qhosts, mine had an extra h ( it is qhhosts)
The AV vendors all have different names for malware.

https://www.virustotal.com/en/file/4b6a0793c53a1182e30f1740a3e961eecb408a9fe4108199b1e74c1705b3a566/analysis/
https://www.virustotal.com/en/file/c69f655436995c0de47325acd4d86e903f1a5bb6836120144aacee3c538d0713/analysis/

Even more weird stuff.

First virus boot scan reported it.

I did a full MBAM and Eset scan, nothing reported.

Again did a boot scan. This time nothing found?

I went through the hosts file. Mine seems perfectly okay.

How did this happen?