Re: Qhost.apd virus .exe file found. Isolated; need to destroy!

From: Bozar (_at_msn.com)
Date: 12/21/04


Date: Mon, 20 Dec 2004 18:49:05 -0800

Dave;
No. It does not exist.

"David H. Lipman" wrote:

> Bozar:
>
> I'm not familiar with that new retail version of McAfee.
>
> Please search the "C:\Program Files\" directory tree for SCAN.EXE.
>
> Please reply back if it exists or not. If it does NOT exist, email me and I can tell you
> how to download and install it. I can't post that information publicly due to licensing
> issues. Just remove ~nospam~.
>
> Dave
>
>
>
>
> "Bozar" <Myself@msn.com> wrote in message
> news:65FBD0D7-9DC6-4053-BF9D-315CA5887798@microsoft.com...
> | I'm sorry, VirusScan Build 9.0.10 Eng 4.4.00 Dat 4.0.4415; also, McAfee
> | Personal Firewall V 6.0.6014.
> |
> | "David H. Lipman" wrote:
> |
> | > Why didn't you mention you had McAfee in the first place?
> | >
> | > What version is the software?
> | > What version is the DAT revision?
> | > What is the ENGINE version?
> | >
> | > Dave
> | >
> | >
> | >
> | >
> | > "Bozar" <Myself@msn.com> wrote in message
> | > news:2FF7CA24-ED54-4312-A8C5-0A11EFF15090@microsoft.com...
> | > | Dave;
> | > | I did all that you suggested. Sysclean found nothing; also, during its scan
> | > | almost all checks were coming up access denied. I did both Sysclean and
> | > | Adaware. After 3 cleanings and scans, I rebooted in normal mode and the Qhosts
> | > | is still there. After startup, McAfee states there is a virus in
> | > | windows/system/32/drivers/etc and deleted it, but it regenerates itself
> | > | whenever the system is rebooted. Any other thoughts?
> | > |
> | > | "David H. Lipman" wrote:
> | > |
> | > | > There are anti virus News Groups specifically for this type of discussion.
> | > | >
> | > | > microsoft.public.scripting.virus.discussion
> | > | > microsoft.public.security.virus
> | > | > alt.comp.virus
> | > | > alt.comp.anti-virus
> | > | >
> | > | > 1) Download the following three items...
> | > | >
> | > | > Trend Sysclean Package
> | > | > http://www.trendmicro.com/download/dcs.asp
> | > | >
> | > | > Latest Trend signature files.
> | > | > http://www.trendmicro.com/download/pattern.asp
> | > | >
> | > | > Adaware SE (free personal version v1.05)
> | > | > http://www.lavasoftusa.com/
> | > | >
> | > | > Create a directory.
> | > | > On drive "C:\"
> | > | > (e.g., "c:\New Folder")
> | > | > or the desktop
> | > | > (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
> | > | >
> | > | > Download SYSCLEAN.COM and place it in that directory.
> | > | > Download the Trend Pattern File by obtaining the ZIP file.
> | > | > For example; lpt307.zip
> | > | >
> | > | > Extract the contents of the ZIP file and place the contents in the same directory as
> | > | > SYSCLEAN.COM.
> | > | >
> | > | > 2) Update Adaware with the latest definitions.
> | > | > 3) If you are using WinME or WinXP, disable System Restore
> | > | > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
> | > | > 4) Reboot your PC into Safe Mode and shut down as many applications as possible.
> | > | > 5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
> | > | > platform and clean/delete any infectors/parasites found.
> | > | > (a few cycles may be needed)
> | > | > 6) Restart your PC and perform a "final" Full Scan of your platform using both the
> | > | > Trend Sysclean utility and Adaware.
> | > | > 7) If you are using WinME or WinXP, re-enable System Restore and re-apply any
> | > | > System Restore preferences (e.g. HD space to use, suggested 400 ~ 600MB).
> | > | > 8) Reboot your PC.
> | > | > 9) If you are using WinME or WinXP, create a new Restore point
> | > | >
> | > | > * * * Please report back your results * * *
> | > | >
> | > | > Dave
> | > | >
> | > | >
> | > | >
> | > | >
> | > | >
> | > | > "Bozar" <Myself@msn.com> wrote in message
> | > | > news:DD25E760-270B-4137-9C48-3FFD033C63DF@microsoft.com...
> | > | > | I found the .exe file the Qhost is in, which is csmrs.exe in
> | > | > | Windows/system32/.
> | > | > | I made a new folder and moved it from the sys32. The file is write protected
> | > | > | and won't let me delete it. How do I destroy it? Also, it has left a command, or
> | > | > | it is in that file, that when I dial up it changes my network options under
> | > | > | Connection Tab from "Never dial" to "Dial whenever there is no connection
> | > | > | present". How do I correct that? It won't dial because I have it on non auto
> | > | > | dial.
> | > | > | --
> | > | > | Truckin'
> | > | >
> | > | >
> | > | >
> | >
> | >
> | >
>
>
>