Hey all. Well, I did a virus scan with avast, nothing as usual. Then I did a CounterSpy scan, same thing. Adaware had only two little cookies there, then ZoneAlarm did an automatic scan and it found two Trojans… Yeah… anyways, I downloaded Spybot Search and Destroy and did a scan; nothing came up, just two little cookies. Here are the names of the “Trojans”. I did a Google search on both of them by their name and nothing came up.
Win32.ProcessKill File: C:\System Volume Information_restore{8CF4D3C9-A44D-4F6E-8C86-DBA5BFC36BC5}\RP23\A0000965.dll
File: C:\Documents and Settings\Logan\Local Settings\Temp\nseE.tmp
Directory: C:\Documents and Settings\Logan\Local Settings\Temp\nseE.tmp
and Win32.Dialer.Fotosex (This was interesting seeing how I don’t look up porn or anything like that)
RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CONNECT
Is this a Trojan, or is it just Zone Alarm acting weird? Also, I heard that Trojans gather info and are kind of in a grayish area between virus and spyware. Should I go through the hassle of reconfiguring my computer if I do find a Trojan, or is that just being paranoid? Thanks in advance.
P.S. I posted here as well as the Zone Alarm forums, but it seems people here know a little more about worms and such.
You can’t do much about the one in C:\System Volume Information_restore as this is Windows protected storage, a part of System Restore. The only way to clean infected _restore points is to disable System Restore and reboot. This will clear ALL _restore points. Once you have disabled System Restore, reboot, scan your PC again and, if clear, enable System Restore.
There is no way to tell if you have got rid of them; deletion is never a good first option.
However, since the majority were to be found in the Temp folders, I would think not. You can do a Google search for nseE.tmp and see if it brings up anything. There is only one hit that mentions Patchmaker.
Having two resident anti-virus scanners and I’m assuming that the ZA anti-virus is resident (active)?
Well, I reconfigured my computer, downloaded all my security software and updated it. Then I installed my drivers. I then scanned with Zone Alarm and the same two “Trojans” came up. This leads me to the belief that this is a False Positive. Does this sound correct?
Well, I did a scan with Ewido and no “Trojan” came up, just a few little cookies. So is this a False Positive? And if so, how do I go about reporting it? Thanks for all your help guys.
Having two resident anti-virus scanners and I'm assuming that the ZA anti-virus is resident (active)?
Perhaps it is decision time as to which resident AV you have installed. Ewido and a-squared can be run as on-demand (non-resident) scanners, and they aren’t AVs.
[b]then ZoneAlarm did an Automatic scan [/b]and it found two Trojans...
And this
Well, I reconfigured my computer, downloaded all my security software and updated it. Then I installed my drivers. [b]I then scanned with Zone Alarm [/b]and the same two "Trojans" came up. This leads me to the belief that this is a False Positive. Does this sound correct?
Because Zone Alarm Pro uses an anti-spyware scan. Trojans are recognized by both virus and spyware scans on average. Avast is a virus scanner; Zone Alarm is a spyware scanner.
I was concerned that it might have been the ZA security Suite which includes anti-virus.
My firewall, Outpost Pro, also has a resident anti-spyware plugin, but I disabled it as I have other on-demand anti-spyware (AdAware, Spybot, SpywareBlaster and Ewido) and I can run those if I feel I need a second opinion, rather than have a resident anti-spyware running. This could slow boot, as it will have an interaction with avast: for each file that ZA wants to scan, avast will also scan. This duplication slowed my boot considerably.
That’s interesting… I have noticed that my boot time is slow and viewing webpages… Could Avast and Zone Alarm Pro working together slow down webviewing as well?
I don’t know what ZA’s anti-spyware checks; if it checks web content then it is entirely possible, due to duplication of scanning. I also have the Content and Active Content plug-ins disabled in my firewall. I want it to concentrate on being a firewall and let me take care of the rest.
What I meant was that if your version of ZA included an active anti-virus, avast could conflict with another resident AV, which as you have now clarified by saying it is an anti-spyware function. Your understanding of what ZA does (especially the Pro version) is likely to be greater than mine; it is over three years since I last used it (free version) and you have it for reference on your system.
What should I expect from ZA? I’m not so happy with it sometimes. Sometimes I think it’s a great firewall, other times… not so much. Anyways, I re-reconfigured and still found one of them. I didn’t find the other one though, which is good. (It was the Fotosex one.) I’m not going to re-re-reconfigure though because, well… that’s just overkill lol.
P.S. I let Zone Alarm Pro deal with it, as I talked with one of their staff members and they said it will get rid of it, just to rescan to make sure I got it all.
Sorry, I can’t help you with ZA and what you should expect; I haven’t used it in over 3 years and that was the free version.
Reconfiguring wouldn’t change any detections, unless when they were detected you selected ignore (if that option existed), but you should only choose that option if you absolutely know the detection is incorrect.
Personally, I prefer to use other dedicated anti-spyware products in an on-demand scan function, rather than have an unknown bolt-on/plug-in solution incorporated in my firewall (as I said, let it get on with being a firewall). This way I update the signatures and run a weekly scan, or by monitoring the << Updates >> Topic on the General forum you can see when updates are reported for your anti-spyware; I download the signature update and then I run a scan.
Now if something is detected that previously hasn’t been I don’t take it at face value, I check what is being detected and investigate, google, etc. only if what is being detected is serious, not tracking cookies, etc. Before I would allow a deletion, file or registry entry I check and double check. If it isn’t serious and/or I’m not convinced it is a positive detection then I ignore it and frequently the following week a false positive detection has been corrected and it isn’t detected again.
"On Demand" means the User initiates ("starts") the scan, NOT some "automatic" started by a program.
Zone Alarm is known NOT to have a very good anti-SPYWARE program; would be better using FREE products, like Ad-Aware, Ewido, a-squared, and/or the "Free" version of "SUPERantispyware".