Need help with virus

Discussion 7

Ace

89 Posts
Location -
Joined 2001-11-28

2004-05-03 04:30

Ok, here's my situation. My computer has been infected with the Trojan Virus called Qhosts.apd according to McAfee. This occured when my computer restarted on its own automatically. When it booted back up, McAfee caught this virus and I press delete and it says successful in deleteing. But when surfing the net, the computer reboots again on its own and the same message pops up with the same virus. This time I can't delete it and I have to press Stop or Exclue and Apply it to all items.

Obviously the virus is still there so I get the Symantec Removal Tool for Qhosts Viruses. But it didn't find anything because it seems to only remove Qhosts-1 or something. I rebooted the computer manually without the interent being connected and this time no McAfee message. I try to use the Removal Tool again and during the process McAfee pops up with the message. I press delete and says it's successful. I reboot manually, it boots up with McAfee message. I press delete and it's successful.

Right now it seems ok, but I'm afraid the virus is still there and the computer could restart any second. I did a search with Ad-aware and Spybot but it didn't find anything. I also did a search with McAfee and it found nothing. And lastly after I got the virus, all these .exe appeared in my C drive. The names were like aaaxwszx.exe and names like that one with different letters. There's like 234 of them and they all range sizes from 16kb-135kb.

There's also a txt file that says test.txt and inside it says:
ctrl color
exit ctrlcolor
-----
ctrl color
exit ctrlcolor
-----
ctrl color
exit ctrlcolor
-----
ctrl color
exit ctrlcolor
-----
ctrl color
exit ctrlcolor
-----
ctrl color
exit ctrlcolor
-----
ctrl color
exit ctrlcolor
-----
mouse move
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
mouse move exit
mouse move
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
mouse move exit
mouse move
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
mouse move exit
mouse move
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
mouse move exit
mouse move
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
mouse move exit
mouse move
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
mouse move exit
mouse move
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
mouse move exit
mouse move
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
mouse move exit
mouse move
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
mouse move exit
mouse move
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
mouse move exit
mouse move
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
mouse move exit
mouse move
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
mouse move exit
mouse move
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
mouse move exit
mouse move
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
mouse move exit
mouse move
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
mouse move exit
mouse move
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
mouse move exit
mouse move
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
mouse move exit
mouse move
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
mouse move exit
mouse move
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
mouse move exit
mouse move
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
mouse move exit
mouse move
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
mouse move exit
mouse move
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
mouse move exit
mouse move
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
mouse move exit
mouse move
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
mouse move exit
MsgFilter
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
end msgfilter
-----
MsgFilter
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
end msgfilter
-----
MsgFilter
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
end msgfilter
-----
MsgFilter
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
end msgfilter
-----
MsgFilter
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
end msgfilter
-----
MsgFilter
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
end msgfilter
-----
mouse move
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
mouse move exit
mouse move
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
mouse move exit
mouse move
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
mouse move exit
mouse move
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
mouse move exit
mouse move
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
mouse move exit
mouse move
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
mouse move exit
mouse move
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
mouse move exit
mouse move
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
mouse move exit
mouse move
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
mouse move exit
mouse move
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
mouse move exit
mouse move
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
mouse move exit
mouse move
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
mouse move exit
mouse move
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
mouse move exit
MsgFilter
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
end msgfilter
-----
MsgFilter
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
end msgfilter
-----
MsgFilter
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
end msgfilter
-----
MsgFilter
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
end msgfilter
-----
MsgFilter
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
end msgfilter
-----
MsgFilter
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
end msgfilter
-----
MsgFilter
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
end msgfilter
-----
MsgFilter
CheckScroll
Before ScrollInfo
Got Scroll Info
ctrl color
exit ctrlcolor
-----
ctrl color
exit ctrlcolor
-----
end check scroll
-----
end msgfilter
-----
mouse move
CheckScroll
Before ScrollInfo
Got Scroll Info
end check scroll
-----
mouse move exit
ctrl color
exit ctrlcolor
-----
ctrl color
exit ctrlcolor
-----
ctrl color
exit ctrlcolor
-----
ctrl color
exit ctrlcolor
-----
ctrl color
exit ctrlcolor
-----
ctrl color
exit ctrlcolor
-----
ctrl color
exit ctrlcolor
-----
ctrl color
exit ctrlcolor
-----

That's it. So sorry for the really long message but I don't want my computer messing up for like the 6th time almost.

Thanks.

Mechwarrior 3 campaine mode crashs

HELP!! DESCENT FREESPACE: THE GREAT WAR ON XP DO NOT DETEC CD!!

Participate on our website and join the conversation

You have already an account on our website? Use the link below to login.

Create a new user account. Registration is free and takes only a few seconds.

This topic is archived. New comments cannot be posted and votes cannot be cast.

Responses to this topic

Ace

89 Posts
Location -
Joined 2001-11-28

#126000

2004-05-03 04:46

Sorry, forgot to mention I'm running Windows XP Pro.

Ace

89 Posts
Location -
Joined 2001-11-28

#126001

2004-05-04 05:59

Hey, I've been reading more about this Trojan, Qhosts.apd. Ignore that text file I pasted up in my last post. For some reason now, I cannot access websites such as Symantec or McAfee. I have the Trojan Qhosts.apd that I believe causes these things. The trojan insterts more things into a HOSTS file like 127.0.0.1: www.symantec.com. I guess this causes the website to redirect back to a page where it cannot be displayed. Also, a bunch of strange .exe appeared in my C drive such as aaaxwszx.exe and agasbxgj.exe and there's like 200 of them.

The Symantec Removal Tool doesn't help me remove the Trojan either since I ran the tool like 5 times. So could someone help me so that I can completely remove the trojan, tell me what to do about those .exe's and fix the HOSTS file so I can get to websites such as McAfee.

Lastly, would using Ad-Aware and customizing it to search and fix HOSTS file fix the the Trojan?

Very last question. In the msconfig, I changed it a bit so that a particular program won't startup at startup. After I got the Trojan, the message that used to pop up saying that I have changed things inside the msconfig and told me that I could change it back to normal, now pops up and goes away right away. Now it pops up and disappers. So how could that have happened?

Thanks a bunch.

bizdevgeeks

1 Posts
Location -
Joined 2006-01-29

#126002

2006-01-29 04:26

go here and download and unzip this tool
http://www.cexx.org/lspfix.zip

LSP stands for layered service protocol. install it run it do a scan but do not make any changes. copy down the files in the keep and remove windows and post them here. You close without making changes by clicking the x in top right hand corner like any other file window. clicking finish accepts the changes LSPFIX recommends

You may also want to google LSPFIX and learn more about what it does and how to use it

My newest website
www.geeksofgloucester
should be published
online by 02/15/06

Cormac

397 Posts
Location -
Joined 2005-06-17

#126003

2006-01-29 09:57

Hi Ace,
I did some googling and it says the Qhosts.apd is a modified HOST file. So lets get rid of that corrupt HOST file. Just go in and delete it.
Now go here and download the HOSTS zip and unzip it to your HOSTS file. http://www.mvps.org/winhelp2002/hosts.htm

Then go here and download this program. It is called SpywareBlaster. It allows you to make a backup of your HOST files should anything happen to it. http://www.majorgeeks.com/download.php?det=2859
When you did your virus scans did you remember to turn off System Restore?? If you didn't it will just make a copy of the virus.
Personally I don't care much for MacAfee, it never seems to work well for people I know.
Your best bet might be to download a trial vesion of F-Secure or Kaspersky and run them, just remember to have the system restore off.
The addy for F-secure is: http://esd.element5.com/demoreg.html?productid=300042690&languageid=1
The addy for Kaspersky is: http://www.kasperskyusa.com/promotions/t...apter=146481750 with Kaspersky after you fill out the form just hit enter. They don't have a button to click on.

Do those things and come back and let us know what happened

Sampson

1457 Posts
Location -
Joined 2001-12-18

#126004

2006-01-29 12:20

Cormac - slow down guy. Ace hasn't been here since May of 2004. This is is just another one of those posts that has been resurrected from the dead. It will be nice when Phillipe can put a halter on these.

Cormac

397 Posts
Location -
Joined 2005-06-17

#126005

2006-01-29 12:59

Thanks Sampson,
I didn't even check the date before that guys post. Man I hate when that happens.
I don't know if you saw my other post about yutao. Philipp said there should be a way to close old postings in the next upgrade.

Well if someone else has HOST problems they can look at my post for help.

Relic

513 Posts
Location -
Joined 2005-02-12

#126006

2006-01-29 15:45

What's sad is that the original poster didna get an answer until a year and a half later. x)