Windows XP SP3
ZoneAlarm Extreme Security 9.3.014.000
MS InternetExplorer IE 8.0.6001.18702
I was on the internet and went to a site where it kept downloading something over and over. I finally killed IE using task manager. By then the damage was already done.
ZA gave no indication at all of a virus. After I closed all open programs I ran a ZA SuperScan. I then rebooted and ran another Superscan. All scans came back clean.
Once the PC came back up and I tried to run a program I kept getting notice of an antivirus tool called "XP Extreme ..." (couldn't remember the rest of the title) that kept scanning and finding viruses and I need to register it. I finally found 14 .exe files in my "\doc settings\...\local settings\application data" and one of the programs, mta.exe, was running as a process. After I deleted the program I could no longer run any programs at all.
It turns out that the virus modified the "exe" and "exefile" registry keys to run the mta.exe while passing the parameters into it. After I removed all 14 .exe files and fixed the registry I was back up and running (hopefully). One of those .exe files was njc.exe which appeared to be a setup file.
(1) Why didn't ZA catch the virus when it first struck while I was on the internet??
(2) Why didn't the ZA SuperScan discover the virus before I rebooted and after??
(3) Why wasn't ZA able to notify me that the virus was making changes to the registry??
(4) Everything is green on the ZA main page telling me that I am fully protected. My big concern now is "Am I????"
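Added example, not part of the original post: a check for the kind of .exe handler change described above, run against a registry export. It compares the default values of `HKEY_CLASSES_ROOT\.exe` and `HKEY_CLASSES_ROOT\exefile\shell\open\command` with the stock Windows values (`exefile` and `"%1" %*`). The sample export and the `C:\PLACEHOLDER` path are constructed for illustration, and the function names are the example's own.

```python
import re

# Stock Windows default values for the .exe file association.
EXPECTED = {
    r"HKEY_CLASSES_ROOT\.exe": "exefile",
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": '"%1" %*',
}

# Constructed sample .reg export (not from the post); the path is a placeholder.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\PLACEHOLDER\\mta.exe\" \"%1\" %*"
'''

def parse_defaults(reg_text):
    """Return {key_path: default_value} for every key in a .reg export."""
    defaults, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            key = m.group(1)
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg files escape backslash and double quote with a backslash
            defaults[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return defaults

def find_hijacks(reg_text):
    """List (key, found, expected) where a default value is missing or altered."""
    found = {k.lower(): v for k, v in parse_defaults(reg_text).items()}
    issues = []
    for key, want in EXPECTED.items():
        got = found.get(key.lower())
        if got is None or got.lower() != want.lower():
            issues.append((key, got, want))
    return issues

if __name__ == "__main__":
    for key, got, want in find_hijacks(SAMPLE_REG):
        print(f"MODIFIED {key}\n  found:    {got}\n  expected: {want}")
```

Registry Editor writes version 5.00 exports as UTF-16, so decode the file accordingly before passing its text to `find_hijacks`.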
Re: Virus Infection
Follow ALL the steps as detailed here:
Malware Clean-up Guidance
Next: After cleaning it up please review this post:
xyz was not detected. What I should do?
Re: Virus Infection
I think it may be best to back up your files and reformat and start afresh as some viruses can install multiple mischief.
A plugin called 'No Script' for Firefox (free) is very highly regarded and would stop such a drive-by attack. Also make sure you have the latest Microsoft updates.
Take a look at any Firewall logs ZoneAlarm may have generated (Alerts & Logs > Program/Firewall).
This has happened to me before too, the net is infested with this evil!