I keep getting a warning about this intruder from Zone Alarm whenever I use my email. The files that are reported as infected don't exist on my system. It suggests rebooting every time.
Nothing on my system seems to be malfunctioning, but the repeated warnings are annoying. Does anyone know of a clean up for this??
I use The Bat as my email client if that is relevant.
Operating System:Windows XP Pro
Product Name:ZoneAlarm Internet Security Suite
Hi!don't use The Bat but most probably the file is somewhere in your system.In the ZA log you should be able to see where the file is stored. Fax
I looked for the file (ZA reported it in Docs & Settings\Ian\LocalSettings\Temp\Bat1A!.tmp) but it was not there! It looks as if it is a temp file that is in use by The Bat during send/receive and ditched as soon as it is no longer needed. This would explain why ZA can't delete it or quarantine it (it's in use), but it isn't there if I look for it or if I do a full scan! I would say it was a false positive if it hadn't started happening recently (but ZA and The Bat have both had recent upgrades!!).
Hi!if you are sure that you got rid of all junk files and empty the trash in the bat, probably the best is to ask at the bat forum.Here (i think) http://www.ritlabs.com/en/forum/list.php?FID=4In principle you can report the false positive to newvirus at kaspersky dot com. Subject: false positive.But you will need to zip and password protect (include the PW in the e-mail) "Bat1A!.tmp". But may be you are not able to copy it and attach it to an e-mail since the file is locked.If you are able to copy the "tmp" file. First try to scan with a right click (ZA antivirus) then also try to upload to www.virustotal.com and see if also there the tmp is detected as "Trojan-Spy.HTML.Fraud.gen".Fax
Oh thank goodness I am not the only one with this nightmare!
I use The Bat and Zone Alarm - both recently upgraded.
Am having exactly the same problem - the temp file does not contain the referred to files yet the alert pops up and up and up and up - it is driving me mad.
Nothing I can find on The Bat forum, nothing useful here.
Please, is there anyone who can provide some guidance here? The temp file is effectively empty so scanning it reveals nothing.
OK Cracked this one:
Courtesy of Roelof Otten of The Bat! mailing list:
> What happens is that the message gets locked, so TB can't import it
> and then the file gets deleted.
> As the file gets deleted in stead of imported TB decides not to delete
> it from the server. Therefore the next next poll for mail will
> download the same message again, with the same result.
> The cure therefore is to delete it from the server. The easiest
> options are either TB's mail dispatcher or your ISP's web mail (if
> they support such a feature).
Worked for me...
Wow,what a relief. I looked in my webmail and there was a Paypal phishing scam emeil causing the trouble. Deleted it and all is fine!!
Hi!thanks all for reporting back here the solution... :8}Fax