The presence of a file named sysformat.exe in the windows system directory.
The presence of a task named sysformat in the process list (if the machine is running Windows 95 / 98 / Me, this process is cloaked and is invisible).
The windows firewall and security center (in case the machine is running Windows XP Service Pack 2) is disabled.
Security software (anti-viruses, firewalls...) on the machine are disabled and can not be started.
The host file in the System32\Drivers\etc subdirectory of the windows directory is of size 1,771 and contains only entries which begin with 127.0.0.1 and sites belonging to antivirus vendors.
Please let BitDefender disinfect your files. To restore your internet connection which the sites the worm blacklisted, be sure to scan the system directory and let BitDefender delete the host file (about which it should report that it is infected with Generic.Qhost) or delete this yourself. Until you do this, the machine won't be able to connect to some sites which can result in your anti-virus products being unable to perform the update operation.
Attila-Mihaly Balazs, virus researcher