Uber weird Boot scan detects Trojan in Google History file?

[peonp]

Hi,

Did a boot scan and it detected a supposed Trojan ( B(space)V: Q(space)HHost(hyphen)S) Trj in my google chrome user data history file for the month ( 2013-03). [ Please remove the space and hyphen]

I tried googling the name of the trojan mentioned above but found only a couple of english results, none of which were too helpful. Surprisingly, there were a large number of Russian sites with this issue, but I didn't go there for fear of infecting my comp further.

Moving to chest didn't work, neither did repair.  Got a mix of 42060, c x0something error and a bad image which left me with no option but to choose the ignore option while doing the boot scan. Didn't opt for the delete option.

The infected file in question ( my chrome user data history file) doesn't exist on my pc, which is what Avast was telling me when it tried to clean the file. I only have a history-journal file for the month ( 2013-03)

Is this a false positive? Can someone please tell me what the trojan that I've mentioned does?

Any help will be appreciated.

Thanks

[Pondus]

42060 AVAST_REPAIR_NOTREPAIRED      [File was not repaired]
trojan and worms cant be repaired, so move to chest or delete

http://www.symantec.com/security_response/writeup.jsp?docid=2003-100116-5901-99

Trojan.Qhosts is a Trojan Horse that will modify the TCP/IP settings to point to a different DNS server.

Trojan.Qhosts cannot spread by itself. The user must open an HTML page that contains malicious code, which allows the Trojan to open a viral HTML file on the target computer so that the script can create and run the malicious executable.

[peonp]

Hi Pondus,

Thanks for your reply.

But as mentioned above, it didn't allow me to either repair or move to chest either.

Plus you referred to qhosts, mine had an extra h ( it is qhhosts)

Also, I mentioned that it picked up my chrome history file as the one containing the trojan. That file was not found by me manually either after the boot scan finished. I only had a history-journal file for the month not the main history index file it was referring to.

However after I started Chrome ( between the time of posting these two messages), both the history-journal file and the history file which it referred to appeared. Did a quick scan on that history file with Avast as well as Virus total.  Gave me nothing. Did MBAM and Eset as well- nothing there either.

Regards

[Pondus]

Plus you referred to qhosts, mine had an extra h ( it is qhhosts)

the AV vendors all have different names on malware

https://www.virustotal.com/en/file/4b6a0793c53a1182e30f1740a3e961eecb408a9fe4108199b1e74c1705b3a566/analysis/
https://www.virustotal.com/en/file/c69f655436995c0de47325acd4d86e903f1a5bb6836120144aacee3c538d0713/analysis/

[peonp]

Even more weird stuff.

First virus boot scan reported it.

I did a full MBAM and Eset scan, nothing reported.

Again did a boot scan. This time nothing found?

I went through the hosts file. Mine seems perfectly okay.

How did this happen?