trj/Qhost.BM

Discussion in 'Trojan Defence Suite' started by m?rio, Jul 18, 2005.

Thread Status:
Not open for further replies.
  1. m?rio

    m?rio Guest

    Hi
    I have a question my antivirus panda titanium found this in c:\programas\TDS3\dcsres.exe is it a false positive should i be concerned?
    Thank you very much for your answears.
     
  2. FanJ

    FanJ Guest

    Hi,

    I guess it is a false positive from your Panda.
    I have that file for quite a long time ;) and sofar nothing wrong with it.
    I also just let Jotti's online scan check it: clean ;)

    You might like to check the MD5 checksum of the file.
    Mine is:
    aec0b0e928b94772a3f5a25277c9f713

    If you have the same MD5, may I ask you please to inform the Panda corporation that it is false positive?
    Thanks !

    Cheers, Jan.
     
  3. m?rio

    m?rio Guest

    Hi
    i can tell you that they have not this virus in there enciclopedia if you go to there site and make a search there is no result.
    Another thing, the Antivirus deleted that file how can i check the sum file?
    Thank you very much for the prompt answear.






    P.S. sorry about my english
     
  4. FanJ

    FanJ Guest

    Hi Mário,

    Nothing wrong with your English :)
    We are coming from all over the world. I myself from The Netherlands, and I certainly do know that my English is far from good!

    First: I am not very familiar with Panda, so I do not know if that file was indeed deleted or maybe put in some quarantine.
    Of course if the file is deleted, you cannot check its MD5 checksum.

    What I would advice:
    - tell us your operating system (Windows 98, ME, NT, 2000, XP, etc.) and language version.
    - tell us which Panda version gave you that warning.
    - tell us whether you have the trial version of TDS-3 or the licenced version.

    I will email Gavin about your question and this thread, so he might have a look at it.
    Maybe he wants your email-address, but don't post it here in public.
    If you yourself wants to contact Gavin, send an email to:
    support(at)diamondcs.com.au

    Maybe you need to uninstall and re-install TDS-3, but let us wait for the answer from Gavin.

    Regards, Jan.
     
  5. FanJ

    FanJ Guest

    Just for your info:
    Email has been send to Gavin.
     
  6. m?rio

    m?rio Guest

    I run my registered version of tds3 on windows xp portuguese.
    Thank you again

    Mário
     
  7. m?rio

    m?rio Guest

    ok thank you for your help
    I have send also an e-mail to him i hope he doesnt be ungry for both send an email about the same question.
     
  8. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Hi,

    Definitely a false alarm, either their signature it too "loose" causing the false alarm, OR maybe there is partly a heuristic detection going on (dcsres.exe changes the hosts file in a GOOD way, not a bad way)

    You should report this to them so they can fix it soon
     
  9. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    KAV 5.0.372 with latest databases.

    dcsres.exe = is a Trojan Trojan.Win32.Qhost.cq

    So there's more than just Panda with FP.

    Just FYI.
     
  10. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    They're rather late with that, since the file exists at least for five years. :cool:
    So can you please be so kind as to tell KAV it's not a baddy at all but protection for baddies?

    I remember many years ago i installed a trial scanner which detected the whole database of another scanner as malware, without any warning and had removed it completely, again without any warning. So you can imagine which software was uninstalled fast!
     
  11. Cyborg

    Cyborg Registered Member

    Joined:
    Dec 8, 2003
    Posts:
    78
    I have just installed KAV Personal Trial version 5.

    It picked up one Trojan which was dcsres.exe or Trojaan.Win32.Qhost.cq in my C:/Programme/Protection folder which I forgot (I blame my age and medication that makes me forgetful early morning) that this is my TDS-3 Licenced Edition folder. I have deleted this "virus" as KAV said it was necessary to do so.

    Having not used KAV before and I am doing so on trial for 2 days then I will move onto NOD32 on trial. I want to see for myself out of the two which I prefere before I wipe my hard drives and re-install windows next week.

    Back to the so called infection it is in the backup of KAV so whether I can reinstall the file I do not know; it is not in quarantine just backup.

    Why has KAV picked this up as a Trojan seeing as though this appears to be an old post?

    Will I have to reinstall TDS-3 now?

    Thanks
     
  12. Green Giant

    Green Giant Registered Member

    Joined:
    Jun 18, 2003
    Posts:
    252
    I have had the same false positive identification with Panda Titanium 2005 finding Trj/Qhost.BM in c:\program files\tds3\dcsres.exe and have e-mailed Panda via their program.

    From past experience replies are very late assuming one gets a reply at all!
     
  13. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    No, because you can restore the file from "View Backup" in the main Kaspersky window. :)
     
  14. FanJ

    FanJ Guest

    Hi,

    For those of you who had that warning from KAV, may I ask (just for my understanding) which definitions were used?
    I mean: the "normal" ones, or the extended ones, etc.
    And on which Windows version (ME-98-NT-2000-XP etc)?

    Thanks !
    Regards, Jan.
     
Thread Status:
Not open for further replies.