Spybot stuck on initial scan when it finds Win32.Qhost.ahnj



Silkie
2016-11-27, 01:10
I downloaded Spybot today ver 2.5.42 and did a full scan and when it finds a file or process called Win32.Qhost.ahnj it gets stuck and just does not move on (33.2 %)

I am running Windows 10 with Defender off and Bitdefender on

Any help much appreciated

tashi
2016-11-27, 17:44
Hello Silkie, :welcome:

The scanner is looking for the item, it does not mean it is on the computer but I have reported this.

Could you exclude Win32.Qhost.ahnj from the scan and see if that fixes the issue.

"How to exclude products from the scan?

You can edit the ignore list in the “Settings“ module to exclude a product from further searches. In order to do so you have to run the Start Center, switch to “Advanced User Mode” and then open “Settings”. Now browse to the “Ignore List“ tab. Via the “Add“ button you will get a list of products to be excluded. Just select the product you want to exclude and hit “OK“.
Settings can also be launched via SDTray (the small Spybot – Search & Destroy icon beside your systems clock in the taskbar)."

https://www.safer-networking.org/faq/how-to-exclude-products-from-the-search-2/

Best regards.

Silkie
2016-11-27, 22:44
Many thanks for the help. So I went ahead and excluded that Win32.Qhost.ahnj entry and the scan worked fine, nothing sinister found.

So when you say:

"The scanner is looking for the item, it does not mean it is on the computer but I have reported this"

I am not sure what that means as surely it must be on the computer if it got flagged? Is there another way to track it down?

tashi
2016-11-28, 17:40
Hello Silkie,


> Many thanks for the help. So I went ahead and excluded that Win32.Qhost.ahnj entry and the scan worked fine, nothing sinister found.
>
> So when you say:
>
> "The scanner is looking for the item, it does not mean it is on the computer but I have reported this"
>
> I am not sure what that means as surely it must be on the computer if it got flagged? Is there another way to track it down?

It was my understanding that you started a full scan but it froze on Win32.Qhost.ahnj and did not complete?


> I downloaded Spybot today ver 2.5.42 and did a full scan and when it finds a file or process called Win32.Qhost.ahnj it gets stuck and just does not move on (33.2 %)


The scanner's bar shows it searching for items in its database, when a scan completes successfully it will show if any items were found and list them.

Did your anti virus program find anything remiss? :)

Best regards.

Silkie
2016-11-29, 05:02
OK the Bitdefender scan finished after 18 hours and found nothing so it seems all is fine. The question remains why Spybot has a thing about the qhost.ahnj file but I guess that is just a bug. Many thanks for your help

(m/f)
2016-11-29, 09:38
Win32.Qhost.ahnj has got some very extensive rules that may take a lot of time to scan on some systems. This might not even be a bug... sorry for that. If it takes too long to scan, you might want to exclude Win32.Qhost.ahnj from your scan via "settings".

Silkie
2016-11-30, 20:55
Is there a way to scan just for the win32.qhost.ahnj or do I have to try the complete scan again? Does the fact that Bitdefender found nothing mean that it is not there or is it only something Spybot would find? Thanks again for all your help

tashi
2016-11-30, 22:43
Hello Silkie,


> Does the fact that Bitdefender found nothing mean that it is not there or is it only something Spybot would find?

It appears to be as m/f posted previously,


> Win32.Qhost.ahnj has got some very extensive rules that may take a lot of time to scan on some systems. This might not even be a bug... sorry for that. If it takes too long to scan, you might want to exclude Win32.Qhost.ahnj from your scan via "settings".

This was reported by three users early 2015 but no-one followed up: https://forums.spybot.info/showthread.php?72002-Bug-with-Win32-Qhost-ahnj

How is the computer running? :)

Silkie
2016-12-01, 00:04
Yes I excluded the file in question on the scan, that was the only way to get it to move from 33% of the scan. So either it is still there or was never there. Maybe I will never know. Computer seems to run fine but not sure if that is any indicator...

tashi
2016-12-01, 05:49
Hello Silkie,


> Yes I excluded the file in question on the scan, that was the only way to get it to move from 33% of the scan. So either it is still there or was never there. Maybe I will never know. Computer seems to run fine but not sure if that is any indicator...

During the running of a Spybot scan the status bar shows what Spybot-S&D is checking for, it is not flagging the item. When the scan completes then the results are displayed. :)

As m/f said, "Win32.Qhost.ahnj has got some very extensive rules that may take a lot of time to scan on some systems. This might not even be a bug... sorry for that".

As Bitdefender is not alerting and your computer seems to be running fine please let us know if any other issue occurs. :kboard:

Best regards.

(m/f)
2016-12-02, 10:22
Sorry to be that late to clarify: It does not mean you have it on your system, Spybot just scans your system for Win32.Qhost.ahnj. It works like this:

we got rules like: Look for a file that size in that folder with parameters 1,2,3 (just an example, of course)

Now if the specified folder contains many files, every file has to be checked for the size, if there are many files of that size, every file has to be checked for the parameters. Each check takes time, that means: the more files, the more checks.

Win32.Qhost.ahnj rules contain many folders, many sizes. -> many checks, long time to scan.

I hope that helps understanding :)
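
As an added illustration of the rule evaluation described in the post above (not part of the original thread and not Spybot's code), the following Python example counts the cheap size checks and the expensive content checks for one rule, and reports per-file progress so a long scan can be told apart from a hang. The rule format, the rule name `Example.Rule`, the marker bytes and the sample folder are all constructed assumptions.

```python
import os
import tempfile

def scan(rules, progress=None):
    """Evaluate hypothetical size+marker rules; return (hits, size_checks, content_checks)."""
    hits, size_checks, content_checks = [], 0, 0
    for rule in rules:
        for entry in os.scandir(rule["folder"]):
            if not entry.is_file():
                continue
            if progress:                      # per-file progress: shows a slow scan is still moving
                progress(rule["name"], entry.path)
            size_checks += 1                  # cheap check: one stat per file in the folder
            if entry.stat().st_size not in rule["sizes"]:
                continue
            content_checks += 1               # expensive check: read the file, test every parameter
            with open(entry.path, "rb") as fh:
                data = fh.read()
            if all(marker in data for marker in rule["markers"]):
                hits.append((rule["name"], entry.path))
    return hits, size_checks, content_checks

def demo():
    """Build a constructed folder of 200 files and scan it with one constructed rule."""
    with tempfile.TemporaryDirectory() as root:
        for i in range(200):
            size = 64 if i % 4 == 0 else 100 + i   # 50 files share the size the rule looks for
            body = b"A" * size
            if i == 8:                              # the single file that matches all parameters
                body = b"MARK1MARK2" + b"A" * 54
            with open(os.path.join(root, f"f{i:03}.bin"), "wb") as fh:
                fh.write(body)
        rule = {"name": "Example.Rule", "folder": root,
                "sizes": {64}, "markers": [b"MARK1", b"MARK2"]}
        seen = []
        hits, size_checks, content_checks = scan([rule], lambda name, path: seen.append(path))
        return ([(n, os.path.basename(p)) for n, p in hits],
                size_checks, content_checks, len(seen))

if __name__ == "__main__":
    print(demo())
```

With one folder and one size the rule already costs 200 size checks and 50 full file reads; every additional folder or size in a rule multiplies that work.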

Goatherd
2017-01-03, 22:52
> Sorry to be that late to clarify: It does not mean you have it on your system, Spybot just scans your system for Win32.Qhost.ahnj. It works like this:
>
> we got rules like: Look for a file that size in that folder with parameters 1,2,3 (just an example, of course)
>
> Now if the specified folder contains many files, every file has to be checked for the size, if there are many files of that size, every file has to be checked for the parameters. Each check takes time, that means: the more files, the more checks.
>
> Win32.Qhost.ahnj rules contain many folders, many sizes. -> many checks, long time to scan.
>
> I hope that helps understanding :)

Hi, yes I have the exact same problem for nearly a month now. I have let the program run for 14 hours without passing Win32.Qhost.ahnj, previously a scan would take around 3 hours so I would conclude that there is possibly a glitch in your otherwise excellent program. I ran the Semantic Win32.Qhost.ahnj remover program which ran for around two hours and then just disappeared, so I have no idea if it found anything or not, but Spybot still froze on the same place!
I have now just put Win32.Qhost.ahnj on the disregard list as you suggested and it has now moved past the position that it previously froze.
regards

Hankt
2017-04-29, 16:30
> Sorry to be that late to clarify: It does not mean you have it on your system, Spybot just scans your system for Win32.Qhost.ahnj. It works like this:
>
> we got rules like: Look for a file that size in that folder with parameters 1,2,3 (just an example, of course)
>
> Now if the specified folder contains many files, every file has to be checked for the size, if there are many files of that size, every file has to be checked for the parameters. Each check takes time, that means: the more files, the more checks.
>
> Win32.Qhost.ahnj rules contain many folders, many sizes. -> many checks, long time to scan.
>
> I hope that helps understanding :)

Yesterday I had to kill Spybot while it was stuck on Win32.Qhost.ahnj as the "Stop scan" button did not work. So on the third time, I decided to just let it run.

How many days should I let this run before shutting the scan down?

ps. I have been infected with a very, very new ransomware that has yet to complete on anyone's PC that I know of so there is never a hint at which variant.

Files all keep their native extension and there are Chinese characters left in .txt files that form a sentence.

The executable was wswposys.exe. I have posted some details and an encrypted file at :
https://www.bleepingcomputer.com/forums/t/645501/new-ransomware-infection;-no-note-id-ransomware-cannot-identify/

One other guy has had the same issue also with no ransom note.

tashi
2017-04-29, 19:28
Hello Hankt,


> Yesterday I had to kill Spybot while it was stuck on Win32.Qhost.ahnj as the "Stop scan" button did not work. So on the third time, I decided to just let it run.
>
> How many days should I let this run before shutting the scan down?

There is nothing to gain by letting the scan run for days, especially if your computer is infected with ransomware. :sad:

Best regards.

Hankt
2017-04-30, 13:39
> Hello Hankt,
>
> There is nothing to gain by letting the scan run for days, especially if your computer is infected with ransomware. :sad:
>
> Best regards.

With numerous hits on this virus profile causing Spybot to either actually freeze or appear to freeze, would it be possible to put a little more detail in the user interface for files being scanned? Maybe then it would be easier to decipher a long-running, highly detailed virus scan from a state where Spybot has stopped working.

Thanks,

Hank

tashi
2017-04-30, 19:19
Hello Hankt,


> With numerous hits on this virus profile causing Spybot to either actually freeze or appear to freeze, would it be possible to put a little more detail in the user interface for files being scanned? Maybe then it would be easier to decipher a long-running, highly detailed virus scan from a state where Spybot has stopped working.


"Win32.Qhost.ahnj" is a Trojan, the scanner shows the items Spybot is checking for in its database.

Which edition of Spybot do you have please. :)

https://www.safer-networking.org/private/

Best regards.

roberto
2017-05-05, 16:46
Hello Hankt,

I could reproduce this behaviour. So we have updated the detection signatures for "Win32.Qhost.ahnj". The new rules should solve your scanning problem. We will publish this update on 2017-05-10.

Kind regards,
Roberto.

tashi
2017-05-05, 17:08
Thank you roberto. :bigthumb: