Qhost trojan - how sensitive is Nod32? ;-)


jayt
September 26th, 2004, 02:47 AM
I have a friend in Odessa, Uk and his computer is infected with Qhost trojan. I was trying to help him clean it. Sent him copy of Stinger.exe, Symantec Qhost trojan remover, Spybot, Ad-aware, etc. He tried running all the tools in Safe Mode having disabled System Restore. No luck. So, while searching Google for manual removal instructions, I clicked on www.f-secure.com/v-descs/qhost.shtml , and immediately IMON pops up and tells me that I have Qhost trojan. I terminated it and of course I do not have the trojan. How's that for hyper-sensitivity? :D

Blackspear
September 26th, 2004, 02:49 AM
-{ Quote: "I have a friend in Odessa, Uk and his computer is infected with Qhost trojan. I was trying to help him clean it. Sent him copy of Stinger.exe, Symantec Qhost trojan remover, Spybot, Ad-aware, etc. He tried running all the tools in Safe Mode having disabled System Restore. No luck. So, while searching Google for manual removal instructions, I clicked on www.f-secure.com/v-descs/qhost.shtml , and immediately IMON pops up and tells me that I have Qhost trojan. I terminated it and of course I do not have the trojan. How's that for hyper-sensitivity? :D" }-
Sounds like a False Positive, can you send that link to Eset?

sample@nod32.com I think would be best.


As to helping your friend, there is a link here (http://www.wilderssecurity.com/showthread.php?t=47830) that should get her all cleaned up...

Hope this helps...

Let us know how you go...

Cheers ;D

flyrfan111
September 26th, 2004, 12:27 PM
I think Eset and F-Secure need to take a look at the page. IMON picks it up as infected, when you click terminate connection, the page continues to load and then the browser (in this case Firefox) says the object contains no data after the viewable portion of the page is done loading. I am not sure if IMON is just picking up on the localhost changes displayed on the page as they are a trojaned host file or something else.

jayt
September 26th, 2004, 05:01 PM
flyrfan111 - that is my experience also. I am using Firefox, and after IMON pops up with the infection warning and I terminate, the page does, as you say, continue to load, but a little box pops up that says "empty file". I was just wondering if Nod32 was that sensitive to F-Secure or what. But as you say, Nod32 and F-Secure should take a look at that page.
Blackspear, is there any point in sending link to Nod32 support? It is posted here. All they have to do is click it. :D

rollers
September 26th, 2004, 05:47 PM
Tried the same myself and got the same result. Cool though, I am impressed at its sensitivity.
Have only got it all set up today after running NAV, liking it now after the setting up process, takes a bit of getting used to but has grown on me now.

Blackspear
September 27th, 2004, 06:18 AM
-{ Quote: "...Blackspear, is there any point in sending link to Nod32 support? It is posted here. All they have to do is click it. :D" }-
Sometimes you will receive a quicker response by doing so...

Cheers ;D

rumpstah
September 27th, 2004, 11:44 PM
Looks like the site loads fine now. Must have been an FP (and fixed ;) ).

-{ Quote: "I have a friend in Odessa, Uk and his computer is infected with Qhost trojan. I was trying to help him clean it. Sent him copy of Stinger.exe, Symantec Qhost trojan remover, Spybot, Ad-aware, etc. He tried running all the tools in Safe Mode having disabled System Restore. No luck. So, while searching Google for manual removal instructions, I clicked on www.f-secure.com/v-descs/qhost.shtml , and immediately IMON pops up and tells me that I have Qhost trojan. I terminated it and of course I do not have the trojan. How's that for hyper-sensitivity? :D" }-

jayt
September 27th, 2004, 11:55 PM
Looks like you are correct rumpstah. Maybe we had something to do with it? ::)

Blackspear
September 28th, 2004, 01:43 AM
-{ Quote: "Looks like you are correct rumpstah. Maybe we had something to do with it? ::)" }-
LOL, good to see there has been a result...

Cheers ;D