Ode to Qhosts.apd, oh how I adore thee!

Discussion in 'Windows Desktop Systems' started by kcnychief, Jul 7, 2005.

  1. kcnychief

    kcnychief █▄█ ▀█▄ █ Political User Folding Team

    Messages:
    16,948
    Location:
    Massachusetts
    Trojan Virus Qhosts.apd, remedies and suggestions

    Alright, so I have this computer that is infected with Qhosts.apd. It is an HP PIII 500 MHz CPU running Windows 2000. Before anyone says anything, I know it's a P.O.S. and I am replacing it, but the Geek in me wants to get to the bottom of this as well.

    The machine didn't have AV protection (it's not my machine, not my fault) which makes it tough. In case anyone doesn't know what Qhosts.apd does, read this....

    http://vil.nai.com/vil/content/v_124880.htm

    Basically, you could install AV off a CD or wherever, just can't update. Also can't get to Windows Update, and since it had dial-up, it's also very behind there as well.

    So, I obtained a copy of McAfee Enterprise Edition 8.0i from work, and downloaded the latest SuperDAT file from another computer to patch the machine.

    I just got to that point about 5am this morning and left it scanning when I went to work, so I am not sure of the results as of yet. I have cleared out this virus before, but only on XP machines.

    I did a little searching on OSNN, and Google, found a few interesting threads...

    This one, personally, I thought was OK. The information seemed redundant, but OBVIOUSLY outdated. Just goes to show how much of a thorn in the side this one was when it was fresh out and hard to fix at first glance when the infection was new.
    http://forum.osnn.net/showthread.php?t=46615&highlight=qhosts.apd

    An important thing of note: through my reading I found that this critical update (at least apparently) fixes the vulnerability. I have downloaded this onto my USB Jump Drive, and will install that on the machine when I return home this evening.
    http://www.microsoft.com/windows/ie/downloads/critical/828750/default.mspx

    Apparently, it also makes rogue registry entries, but I haven't had the chance to check the validity of this yet, since I am, again, still not home :)
    http://www.z-virus.com/virus/mytob-bf.htm

    Lastly, if McAfee itself can't fix it from the updated SuperDAT and Engine files (which from what I have read it should) I am going to use MSCONFIG partnered with HijackThis to narrow down to the puny process that is causing this headache.

    I don't really know if I need much help, at least as of yet, since the scan is probably finished waiting for me like my kitten is at home :)

    I figured, since I did a little research, I would share my findings with others, see if anyone else had some insight that I either haven't found or thought of yet.
     
    Last edited: Jul 7, 2005
  2. kcnychief

    Has anyone else gone through similar tactics to rid themselves of this annoyance?
     
  3. kcnychief

    Just to follow up, I can confirm that the latest up-to-date AV files will cure this 100%.
     
  4. zeke_mo

    zeke_mo (value not set) Staff Member Political User Folding Team

    Messages:
    1,984
    Location:
    Placerville, CA
    You can always stick the drive on another computer that has AV. It's a risky way to do it but it works....sometimes