Trojan:Win32/Qhost.QX!bit removal tips

The Trojan:Win32/Qhost.QX!bit is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:Win32/Qhost.QX!bit virus can do?

Presents an Authenticode digital signature
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Trojan:Win32/Qhost.QX!bit?


File Info:
name: E8C8BE6716B0110FDD53.mlw
path: /opt/CAPEv2/storage/binaries/99364450f25ebbd6b1fd0222e575560ffa05c046f1bb728d258e33319a6fc134
crc32: E7C8BF75
md5: e8c8be6716b0110fdd53ea9de1be27df
sha1: 642e63d3e08c2d8e4bce8f2d0287c6b3153ab2b7
sha256: 99364450f25ebbd6b1fd0222e575560ffa05c046f1bb728d258e33319a6fc134
sha512: 18050f55d2d5c41811fc684f1f5f0953676e8ee112c1f41d32cd545b024c60101562e95f114e80ac0017762884f89ac96e27c526612434e2d9ddac63f310f71b
ssdeep: 49152:OvP5EbY3bbY3wvP5EbY3bbY3bbY3wvP5EbY3bbY3bbY3bbY3wvP5EbY3bbY3bbYq:QD4eD44eD444eD4444et
type: PE32+ executable (console) x86-64, for MS Windows
tlsh: T17F469E12B5D04CF2D562513549A18B39E6B1F9310B21CB93B7A8DF2E7F375A19E3A302
sha3_384: 4ce497730791f7f650948513ee385ebd189848b706b521c1eecc3c18fe43dc97b9a226d26e04cc121436d0a7d616a0fd
ep_bytes: 4883ec28e8370300004883c428e92afe
timestamp: 1970-04-14 09:36:10

Version Info:
CompanyName: Microsoft Corporation
FileDescription: Microsoft Security Client Policy Configuration Tool
FileVersion: 4.13.17134.1 (WinBuild.160101.0800)
InternalName: ConfigSecurityPolicy.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: ConfigSecurityPolicy.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 4.13.17134.1
Translation: 0x0409 0x04b0

Trojan:Win32/Qhost.QX!bit also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Tedy.57610
FireEye	Gen:Variant.Tedy.57610
ALYac	Gen:Variant.Tedy.57610
Malwarebytes	Malware.AI.793849284
Cybereason	malicious.716b01
Cyren	W64/Agent.DVV.gen!Eldorado
Symantec	Trojan.Gen.2
APEX	Malicious
ClamAV	Win.Trojan.Qhost-160
BitDefender	Gen:Variant.Tedy.57610
NANO-Antivirus	Trojan.Win32.BtcMine.exddfs
Avast	Win32:Miner-AL [Trj]
Ad-Aware	Gen:Variant.Tedy.57610
Sophos	Troj/Agent-AYMB
DrWeb	Tool.BtcMine.1051
Emsisoft	Gen:Variant.Tedy.57610 (B)
Antiy-AVL	Trojan/Generic.ASCommon.192
Microsoft	Trojan:Win32/Qhost.QX!bit
GData	Gen:Variant.Tedy.57610
Cynet	Malicious (score: 100)
MAX	malware (ai score=80)
VBA32	Trojan.Qhost
Rising	Trojan.Kryptik!1.B3E8 (CLASSIC)
Ikarus	Exploit.Win32.RpcDcom
Fortinet	W64/Agent.6B27!tr
BitDefenderTheta	AI:Packer.BFA0CA0220
AVG	Win32:Miner-AL [Trj]
CrowdStrike	win/malicious_confidence_90% (W)

How to remove Trojan:Win32/Qhost.QX!bit?

Trojan:Win32/Qhost.QX!bit removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X