View Full Version : dcsres.exe detected as Trojan.win32.qhost.cq


DAMOX
July 19th, 2005, 09:44 AM
FYI: Kaspersky Anti-virus latest definitions have identified dcsres.exe as Trojan.win32.qhost.cq. I have Kaspersky scheduled to update and scan every night, but last night it brought up the alert. I am pretty sure it is a false positive. I also have an older version of the TDS-3 installation among my files, and it alerted on that also as the same file: Trojan.win32.qhost.cq.

Seems kind of odd . . . as I noticed the earlier post about Panda which also seems to have alerted on the same file.

Cyborg
July 19th, 2005, 10:46 AM
Hi Damox,

I have already added my findings to the 2003 post but seeing as yours is current I have cut n paste to put it here; hope you don't mind.

"I have just installed KAV Personal Trial version 5.

It picked up one Trojan which was dcsres.exe or Trojan.Win32.Qhost.cq in my C:/Programme/Protection folder which I forgot (I blame my age and medication that makes me forgetful early morning) that this is my TDS-3 Licenced Edition folder. I have deleted this "virus" as KAV said it was necessary to do so.

Having not used KAV before and I am doing so on trial for 2 days then I will move onto NOD32 on trial. I want to see for myself out of the two which I prefer before I wipe my hard drives and re-install windows next week.

Back to the so called infection it is in the backup of KAV so whether I can reinstall the file I do not know; it is not in quarantine just backup.

Why has KAV picked this up as a Trojan seeing as though this appears to be an old post?

Will I have to reinstall TDS-3 now?

Thanks"

DAMOX
July 19th, 2005, 10:58 AM
Depending on your settings in Kaspersky, you should be able to go into the Kaspersky interface|General Tab|View File From Backup|Restore File. Kaspersky will warn you, but you can still restore it. I don't know how necessary the file is, as I was able to shut down TDS-3 and start it up again without a problem . . . but I was able to restore it after Kaspersky deleted it.

polak
July 19th, 2005, 04:08 PM
Appears several antivirus software programs are identifying the dcsres.exe file as a trojan.

Results of a file scan
This is a report processed by VirusTotal on 07/19/2005 at 21:01:12 (CET) after scanning the file "dcsres.exe" file.
Antivirus       Version          Update       Result
AntiVir         6.31.0.9         07.19.2005   no virus found
AVG             718              07.19.2005   no virus found
Avira           6.31.0.9         07.19.2005   no virus found
BitDefender     7.0              07.19.2005   no virus found
CAT-QuickHeal   7.03             07.19.2005   (Suspicious) - DNAScan
ClamAV          devel-20050712   07.19.2005   no virus found
DrWeb           4.32b            07.19.2005   no virus found
eTrust-Iris     7.1.194.0        07.19.2005   no virus found
eTrust-Vet      11.9.1.0         07.19.2005   no virus found
Fortinet        2.36.0.0         07.19.2005   W32/Qhost.CQ-tr
F-Prot          3.16c            07.19.2005   no virus found
Ikarus          2.32             07.19.2005   no virus found
Kaspersky       4.0.2.24         07.19.2005   no virus found
McAfee          4538             07.19.2005   no virus found
NOD32v2         1.1173           07.19.2005   no virus found
Norman          5.70.10          07.19.2005   no virus found
Panda           8.02.00          07.19.2005   Trj/Qhost.BM
Sybari          7.5.1314         07.19.2005   no virus found
Symantec        8.0              07.19.2005   no virus found
TheHacker       5.8.2.072        07.19.2005   no virus found
VBA32           3.10.4           07.19.2005   Trojan.Win32.Qhost.cq

dvk01
July 20th, 2005, 07:02 AM
Panda have now fixed it in this morning's update, they inform me

And if VBA haven't already then they will very soon

FanJ
July 20th, 2005, 07:05 AM
{QUOTE-> Panda have now fixed it in this morning's update, they inform me

And if VBA haven't already then they will very soon <-QUOTE}

Hi Derek,

Do you know whether KAV has fixed it?

The strange thing is that I didn't get the warning from KAV 4.5 on W98SE (scanned in Safe Mode).

Cheers, Jan.

mário
July 20th, 2005, 07:10 AM
Hi
I have discovered the false alarm with Panda and the antivirus disinfected the file, do I have to reinstall the TDS3 antitrojan?
Thank you


Mário

dvk01
July 20th, 2005, 07:12 AM
KAV wasn't detecting it yesterday on my computer BUT it is with this morning's update so I have emailed KAV and alerted them

If I don't get a response within a couple of hours and I normally do then I have a private email for head of development who will definitely respond quickly

FanJ
July 20th, 2005, 07:14 AM
{QUOTE-> KAV wasn't detecting it yesterday on my computer BUT it is with this morning's update so I have emailed KAV and alerted them

If I don't get a response within a couple of hours and I normally do then I have a private email for head of development who will definitely respond quickly <-QUOTE}

Thanks Derek !!!

FanJ
July 20th, 2005, 07:21 AM
Well, just got the warning now too from KAV 4.5 on W98SE, defs 131200

Edited to add:
And with the defs 131253

dvk01
July 20th, 2005, 09:02 AM
I think Gavin or Wayne had better email to Eugene at KAV about this as their analysts seem to be saying that as it does change the hosts file with no apparent warning to the user it stays detected as part of the q-hosts general detection I assume

If Wayne or Gavin can convince them it's good something might happen

I have sent a private message to a couple of KAV boids I know to see if they can sort it out but it doesn't look hopeful from my end

FanJ
July 20th, 2005, 09:10 AM
Just heard back from Aleks Gostev, Kaspersky Lab:

"False will be fixed in next update."

dvk01
July 20th, 2005, 09:15 AM
After several emails back and forth he has also replied to me saying it will be removed in next update so that is a result as well

FanJ
July 20th, 2005, 09:43 AM
With the defs 131261 still detected as Trojan-Clicker.Win32.Qhost.i

FanJ
July 20th, 2005, 01:45 PM
Checked again (with the defs 131323): it looks like it is fixed :)

Gavin - DiamondCS
July 20th, 2005, 11:50 PM
{QUOTE-> Hi
I have discovered the false alarm with Panda and the antivirus disinfected the file, do I have to reinstall the TDS3 antitrojan?
Thank you


Mário <-QUOTE}

Hi Mario,

I can just send you the file if you like, I'll email it shortly.

Thanks to everyone for alerting KAV, and thanks to KAV for a speedy fix :)

mário
July 21st, 2005, 05:11 PM
Hi
Thank you Gavin, I received it and because I am a newbie I want to make sure that I did the right thing. I have placed it in c:\programas\tds3, is it correct?
Thank you very much, this is a great forum and I have learned and still learn a lot with it.
Best regards


Mário

TheQuest
July 21st, 2005, 08:18 PM
Hi, mário

{QUOTE-> have placed it in c:\programas\tds3 is it correct? <-QUOTE}
Yes you have put it in the correct folder [place].

Take Care,
TheQuest 8)