This has shown up in two places via a super scan mode. It had to have shown up yesterday (July 30, 2010) as I do regular scans and a super scan once a week.
1) What does this Trojan do and what is the risk to my system and personal information?
2) Why did Zone Alarm Extreme Security not prevent it from downloading?
Any help would be appreciated.
1. It's a heuristic detection of a trojan diffusing via web browsing. There are potentially thousands of variations. So it's impossible to say what it does. Trojans can steal private information, accounts, private info, make your PC a zombie to spam, etc.
2. It did, otherwise you would be infected :). It can also be a false positive. Heuristics can have false positives. Also, it's a good norm to actually post the exact location and name of the file.
For peace of mind you can see here below for standard steps:
Malware Clean-up Guidance
For better protection see here:
xyz was not detected. What I should do?
If you have ZA Extreme I would recommend you turn ON virtualization. If you have, then you are perfectly protected.
P.S. And no, super scan every week? Way too much, you will become a slave of your security tool. Just keep ZAX always updated and active and you will not need such scans. Maybe in months, not weeks. Keep the recommended settings.
Fax, thanks for responding to me.
It was found in the following path:
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\fm.htm
One thing I did find interesting is the folder "Temporary Internet Files" in that particular path is set as a system folder and would not show up until I modified the setting to show all hidden and system folders. That folder is not considered a system folder under guest and shared users.
I thought I had checked "Enable Virtualization" but after your suggestion wanted to verify and found that it was not checked. It is now.
I guess I was expecting Zone Alarm to not even allow the trojan to download to my hard drive but the scan caught it so I should be okay.
PS: I am afraid the super scan every week is my paranoia of identity theft coming through. :-)
Probably it did, otherwise you would not be discussing this here :)
Originally Posted by epig
You are good to go... :)
And virtualization is there to defend you exactly on these types of issues by isolating the browser from the rest of the system. Keep it on always.
Read the guide for further help on how to use ZA:
Again, way too much... maybe you can do it every 2-3 months. It's not the scan that will do it but ZA itself on the spot if kept updated and always running.