Spybot stuck on initial scan when it finds Win32.Qhost.ahnj
- Thread starter Silkie
- Start date
tashi
Member of Team Spybot
Hello Silkie, :welcome:
The scanner is looking for the item, it does not mean it is on the computer but I have reported this.
Could you exclude Win32.Qhost.ahnj from the scan and see if that fixes the issue.
"How to exclude products from the scan?
You can edit the ignore list in the “Settings“ module to exclude a product from further searches. In order to do so you have to run the Start Center, switch to “Advanced User Mode” and then open “Settings”. Now browse to the “Ignore List“ tab. Via the “Add“ button you will get a list of products to be excluded. Just select the product you want to exclude and hit “OK“.
Settings can also be launched via SDTray (the small Spybot – Search & Destroy icon beside your systems clock in the taskbar)."
https://www.safer-networking.org/faq/how-to-exclude-products-from-the-search-2/
Best regards.
The scanner is looking for the item, it does not mean it is on the computer but I have reported this.
Could you exclude Win32.Qhost.ahnj from the scan and see if that fixes the issue.
"How to exclude products from the scan?
You can edit the ignore list in the “Settings“ module to exclude a product from further searches. In order to do so you have to run the Start Center, switch to “Advanced User Mode” and then open “Settings”. Now browse to the “Ignore List“ tab. Via the “Add“ button you will get a list of products to be excluded. Just select the product you want to exclude and hit “OK“.
Settings can also be launched via SDTray (the small Spybot – Search & Destroy icon beside your systems clock in the taskbar)."
https://www.safer-networking.org/faq/how-to-exclude-products-from-the-search-2/
Best regards.
Many thanks for the help. So I went ahead and excluded that Win32.Qhost.ahnj entry and the scan worked fine, nothing sinister found.
So when you say:
"The scanner is looking for the item, it does not mean it is on the computer but I have reported this"
I am not sure what that means as surely it must be on the computer if it got flagged? Is there another way to track it down?
So when you say:
"The scanner is looking for the item, it does not mean it is on the computer but I have reported this"
I am not sure what that means as surely it must be on the computer if it got flagged? Is there another way to track it down?
tashi
Member of Team Spybot
Hello Silkie,
It was my understanding that you started a full scan but it froze on Win32.Qhost.ahnj and did not complete?
The scanner's bar shows it searching for items in its database, when a scan completes successfully it will show if any items were found and list them.
Did your anti virus program find anything remiss?
Best regards.
It was my understanding that you started a full scan but it froze on Win32.Qhost.ahnj and did not complete?
The scanner's bar shows it searching for items in its database, when a scan completes successfully it will show if any items were found and list them.
Did your anti virus program find anything remiss?
Best regards.
Win32.Qhost.ahnj has got some very extensive rules that may take a lot of time to scan on some systems. This might not even be a bug... sorry for that. If it takes too long to scan, you might want to exclude Win32.Qhost.ahnj from your scan via "settings".
tashi
Member of Team Spybot
Hello Silkie,
It appears to be as m/f posted previously,
This was reported by three users early 2015 but no-one followed up: https://forums.spybot.info/showthread.php?72002-Bug-with-Win32-Qhost-ahnj
How is the computer running?
It appears to be as m/f posted previously,
This was reported by three users early 2015 but no-one followed up: https://forums.spybot.info/showthread.php?72002-Bug-with-Win32-Qhost-ahnj
How is the computer running?
tashi
Member of Team Spybot
Hello Silkie,
During the running of a Spybot scan the status bar shows what Spybot-S&D is checking for, it is not flagging the item. When the scan completes then the results are displayed.
As m/f said, "Win32.Qhost.ahnj has got some very extensive rules that may take a lot of time to scan on some systems. This might not even be a bug... sorry for that".
As Bitdefender is not alerting and your computer seems to be running fine please let us know if any other issue occurs. :kboard:
Best regards.
During the running of a Spybot scan the status bar shows what Spybot-S&D is checking for, it is not flagging the item. When the scan completes then the results are displayed.
As m/f said, "Win32.Qhost.ahnj has got some very extensive rules that may take a lot of time to scan on some systems. This might not even be a bug... sorry for that".
As Bitdefender is not alerting and your computer seems to be running fine please let us know if any other issue occurs. :kboard:
Best regards.
Sorry to be that late to clarify: It does not mean you have it on your system, Spybot just scans your system for Win32.Qhost.ahnj. It works like this:
we got rules like: Look for a file that size in that folder with parameters 1,2,3 (just an example, of course)
Now if the specified folder contains many files, every file has to be checked for the size, if there are many files of that size, every file has to be checked for the parameters. Each check takes time, that means: the more files, the more checks.
Win32.Qhost.ahnj rules contain many folders, many sizes. -> many checks, long time to scan.
I hope that helps understanding
we got rules like: Look for a file that size in that folder with parameters 1,2,3 (just an example, of course)
Now if the specified folder contains many files, every file has to be checked for the size, if there are many files of that size, every file has to be checked for the parameters. Each check takes time, that means: the more files, the more checks.
Win32.Qhost.ahnj rules contain many folders, many sizes. -> many checks, long time to scan.
I hope that helps understanding
Same problem
Hi, yes I have the exact same problem for nearly a month now. I have let the program run for 14 hours without passing Win32.Qhost.ahnj, previously a scan would take around 3 hours so I would conclude that there is possibly a glitch in your otherwise excellent program. I ran the Semantic Win32.Qhost.ahnj remover program which ran for around two hours and then just disappeared, so I have no idea if it found anything or not, but spybot still froze on the same place!
I have now just put Win32.Qhost.ahnj on the disregard list as you suggested and it has now moved past the position that it previously froze.
regards
Sorry to be that late to clarify: It does not mean you have it on your system, Spybot just scans your system for Win32.Qhost.ahnj. It works like this:
we got rules like: Look for a file that size in that folder with parameters 1,2,3 (just an example, of course)
Now if the specified folder contains many files, every file has to be checked for the size, if there are many files of that size, every file has to be checked for the parameters. Each check takes time, that means: the more files, the more checks.
Win32.Qhost.ahnj rules contain many folders, many sizes. -> many checks, long time to scan.
I hope that helps understanding
Hi, yes I have the exact same problem for nearly a month now. I have let the program run for 14 hours without passing Win32.Qhost.ahnj, previously a scan would take around 3 hours so I would conclude that there is possibly a glitch in your otherwise excellent program. I ran the Semantic Win32.Qhost.ahnj remover program which ran for around two hours and then just disappeared, so I have no idea if it found anything or not, but spybot still froze on the same place!
I have now just put Win32.Qhost.ahnj on the disregard list as you suggested and it has now moved past the position that it previously froze.
regards
Same issue
Yesterday I had to kill Spybot while it was stuck on Win32.Qhost.ahnj as the "Stop scan" button did not work. So on the third time, I decided to just let it run.
How many days should I let this run before shutting the scan down?
ps. I have been infected with a very, very new rasomware that has yet to complete on anyone's PC that I know of so there is never a hint at which variant.
Files all keep their native extension and there are Chinese characters left in .txt files that form a sentence.
The executable was wswposys.exe. I have posted some details and an encrypted file at :
https://www.bleepingcomputer.com/forums/t/645501/new-ransomware-infection;-no-note-id-ransomware-cannot-identify/
One other guy has had the same issue also with no ransom note.
Sorry to be that late to clarify: It does not mean you have it on your system, Spybot just scans your system for Win32.Qhost.ahnj. It works like this:
we got rules like: Look for a file that size in that folder with parameters 1,2,3 (just an example, of course)
Now if the specified folder contains many files, every file has to be checked for the size, if there are many files of that size, every file has to be checked for the parameters. Each check takes time, that means: the more files, the more checks.
Win32.Qhost.ahnj rules contain many folders, many sizes. -> many checks, long time to scan.
I hope that helps understanding
Yesterday I had to kill Spybot while it was stuck on Win32.Qhost.ahnj as the "Stop scan" button did not work. So on the third time, I decided to just let it run.
How many days should I let this run before shutting the scan down?
ps. I have been infected with a very, very new rasomware that has yet to complete on anyone's PC that I know of so there is never a hint at which variant.
Files all keep their native extension and there are Chinese characters left in .txt files that form a sentence.
The executable was wswposys.exe. I have posted some details and an encrypted file at :
https://www.bleepingcomputer.com/forums/t/645501/new-ransomware-infection;-no-note-id-ransomware-cannot-identify/
One other guy has had the same issue also with no ransom note.
tashi
Member of Team Spybot
Hello Hankt,
There is nothing to gain by letting the scan run for days, especially if your computer is infected with ransomeware. :sad:
Best regards.
There is nothing to gain by letting the scan run for days, especially if your computer is infected with ransomeware. :sad:
Best regards.
With numerous hits on this virus profile causing Spybot to either actually freeze or appear to freeze, would it be possible to put a little more detail in the user interface for files being scanned? Maybe then it would be easier to decipher a long-running, highly detailed virus scan from a state where Spybot has stopped working.
Thanks,
Hank
tashi
Member of Team Spybot
Hello Hankt,
"Win32.Qhost.ahnj" is a Trojan, the scanner shows the items Spybot is checking for in its database.
Which edition of Spybot do you have please.
https://www.safer-networking.org/private/
Best regards.
"Win32.Qhost.ahnj" is a Trojan, the scanner shows the items Spybot is checking for in its database.
Which edition of Spybot do you have please.
https://www.safer-networking.org/private/
Best regards.
Update is scheduled for 2017-05-10
Hello Hankt,
I could reproduce this behaviour. So we have updated the detection signatures for "Win32.Qhost.ahnj". The new rules should solve your scanning problem. We will publish this update on 2017-05-10.
Kind regards,
Roberto.
Hello Hankt,
I could reproduce this behaviour. So we have updated the detection signatures for "Win32.Qhost.ahnj". The new rules should solve your scanning problem. We will publish this update on 2017-05-10.
Kind regards,
Roberto.