Ace 0 Posted May 3, 2004 Ok, here's my situation. My computer has been infected with the Trojan Virus called Qhosts.apd according to McAfee. This occured when my computer restarted on its own automatically. When it booted back up, McAfee caught this virus and I press delete and it says successful in deleteing. But when surfing the net, the computer reboots again on its own and the same message pops up with the same virus. This time I can't delete it and I have to press Stop or Exclue and Apply it to all items. Obviously the virus is still there so I get the Symantec Removal Tool for Qhosts Viruses. But it didn't find anything because it seems to only remove Qhosts-1 or something. I rebooted the computer manually without the interent being connected and this time no McAfee message. I try to use the Removal Tool again and during the process McAfee pops up with the message. I press delete and says it's successful. I reboot manually, it boots up with McAfee message. I press delete and it's successful. Right now it seems ok, but I'm afraid the virus is still there and the computer could restart any second. I did a search with Ad-aware and Spybot but it didn't find anything. I also did a search with McAfee and it found nothing. And lastly after I got the virus, all these .exe appeared in my C drive. The names were like aaaxwszx.exe and names like that one with different letters. There's like 234 of them and they all range sizes from 16kb-135kb. There's also a txt file that says test.txt and inside it says: ctrl color exit ctrlcolor ----- ctrl color exit ctrlcolor ----- ctrl color exit ctrlcolor ----- ctrl color exit ctrlcolor ----- ctrl color exit ctrlcolor ----- ctrl color exit ctrlcolor ----- ctrl color exit ctrlcolor ----- mouse move CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- mouse move exit mouse move CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- mouse move exit mouse move CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- mouse move exit mouse move CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- mouse move exit mouse move CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- mouse move exit mouse move CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- mouse move exit mouse move CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- mouse move exit mouse move CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- mouse move exit mouse move CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- mouse move exit mouse move CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- mouse move exit mouse move CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- mouse move exit mouse move CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- mouse move exit mouse move CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- mouse move exit mouse move CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- mouse move exit mouse move CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- mouse move exit mouse move CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- mouse move exit mouse move CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- mouse move exit mouse move CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- mouse move exit mouse move CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- mouse move exit mouse move CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- mouse move exit mouse move CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- mouse move exit mouse move CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- mouse move exit mouse move CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- mouse move exit mouse move CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- mouse move exit MsgFilter CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- end msgfilter ----- MsgFilter CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- end msgfilter ----- MsgFilter CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- end msgfilter ----- MsgFilter CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- end msgfilter ----- MsgFilter CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- end msgfilter ----- MsgFilter CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- end msgfilter ----- mouse move CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- mouse move exit mouse move CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- mouse move exit mouse move CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- mouse move exit mouse move CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- mouse move exit mouse move CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- mouse move exit mouse move CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- mouse move exit mouse move CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- mouse move exit mouse move CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- mouse move exit mouse move CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- mouse move exit mouse move CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- mouse move exit mouse move CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- mouse move exit mouse move CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- mouse move exit mouse move CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- mouse move exit MsgFilter CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- end msgfilter ----- MsgFilter CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- end msgfilter ----- MsgFilter CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- end msgfilter ----- MsgFilter CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- end msgfilter ----- MsgFilter CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- end msgfilter ----- MsgFilter CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- end msgfilter ----- MsgFilter CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- end msgfilter ----- MsgFilter CheckScroll Before ScrollInfo Got Scroll Info ctrl color exit ctrlcolor ----- ctrl color exit ctrlcolor ----- end check scroll ----- end msgfilter ----- mouse move CheckScroll Before ScrollInfo Got Scroll Info end check scroll ----- mouse move exit ctrl color exit ctrlcolor ----- ctrl color exit ctrlcolor ----- ctrl color exit ctrlcolor ----- ctrl color exit ctrlcolor ----- ctrl color exit ctrlcolor ----- ctrl color exit ctrlcolor ----- ctrl color exit ctrlcolor ----- ctrl color exit ctrlcolor ----- That's it. So sorry for the really long message but I don't want my computer messing up for like the 6th time almost. Thanks. Share this post Link to post
Ace 0 Posted May 3, 2004 Sorry, forgot to mention I'm running Windows XP Pro. Share this post Link to post
Ace 0 Posted May 4, 2004 Hey, I've been reading more about this Trojan, Qhosts.apd. Ignore that text file I pasted up in my last post. For some reason now, I cannot access websites such as Symantec or McAfee. I have the Trojan Qhosts.apd that I believe causes these things. The trojan insterts more things into a HOSTS file like 127.0.0.1: www.symantec.com. I guess this causes the website to redirect back to a page where it cannot be displayed. Also, a bunch of strange .exe appeared in my C drive such as aaaxwszx.exe and agasbxgj.exe and there's like 200 of them. The Symantec Removal Tool doesn't help me remove the Trojan either since I ran the tool like 5 times. So could someone help me so that I can completely remove the trojan, tell me what to do about those .exe's and fix the HOSTS file so I can get to websites such as McAfee. Lastly, would using Ad-Aware and customizing it to search and fix HOSTS file fix the the Trojan? Very last question. In the msconfig, I changed it a bit so that a particular program won't startup at startup. After I got the Trojan, the message that used to pop up saying that I have changed things inside the msconfig and told me that I could change it back to normal, now pops up and goes away right away. Now it pops up and disappers. So how could that have happened? Thanks a bunch. Share this post Link to post
bizdevgeeks 0 Posted January 29, 2006 go here and download and unzip this tool http://www.cexx.org/lspfix.zip LSP stands for layered service protocol. install it run it do a scan but do not make any changes. copy down the files in the keep and remove windows and post them here. You close without making changes by clicking the x in top right hand corner like any other file window. clicking finish accepts the changes LSPFIX recommends You may also want to google LSPFIX and learn more about what it does and how to use it My newest website www.geeksofgloucester should be published online by 02/15/06 Share this post Link to post
Cormac 0 Posted January 29, 2006 Hi Ace, I did some googling and it says the Qhosts.apd is a modified HOST file. So lets get rid of that corrupt HOST file. Just go in and delete it. Now go here and download the HOSTS zip and unzip it to your HOSTS file. http://www.mvps.org/winhelp2002/hosts.htm Then go here and download this program. It is called SpywareBlaster. It allows you to make a backup of your HOST files should anything happen to it. http://www.majorgeeks.com/download.php?det=2859 When you did your virus scans did you remember to turn off System Restore?? If you didn't it will just make a copy of the virus. Personally I don't care much for MacAfee, it never seems to work well for people I know. Your best bet might be to download a trial vesion of F-Secure or Kaspersky and run them, just remember to have the system restore off. The addy for F-secure is: http://esd.element5.com/demoreg.html?productid=300042690&languageid=1 The addy for Kaspersky is: http://www.kasperskyusa.com/promotions/t...apter=146481750 with Kaspersky after you fill out the form just hit enter. They don't have a button to click on. Do those things and come back and let us know what happened Share this post Link to post
Sampson 0 Posted January 29, 2006 Cormac - slow down guy. Ace hasn't been here since May of 2004. This is is just another one of those posts that has been resurrected from the dead. It will be nice when Phillipe can put a halter on these. Share this post Link to post
Cormac 0 Posted January 29, 2006 Thanks Sampson, I didn't even check the date before that guys post. Man I hate when that happens. I don't know if you saw my other post about yutao. Philipp said there should be a way to close old postings in the next upgrade. Well if someone else has HOST problems they can look at my post for help. :) Share this post Link to post
Relic 0 Posted January 29, 2006 What's sad is that the original poster didna get an answer until a year and a half later. x) Share this post Link to post
