
Thread: Zone labs need to fix this Win32.Softomate is a false positive!!!!!!

  1. #11
    forum_moderator Guest

    Re: Zone labs need to fix this Win32.Softomate is a false positive!!!!!!

    Sorry, I just prefer that people actually read user guidelines, and even glance over the Terms of Use before simply clicking OK. For all they know they might have given away their firstborn daughter (although, truthfully, we have no place to raise a ZoneLabs baby).

    Marcus

  2. #12
    mjbwebpro Guest

    Re: Zone labs need to fix this Win32.Softomate is a false positive!!!!!!

    LoL, sorry, I just want this problem fixed.

  3. #13
    stupidest Guest

    Re: Zone labs need to fix this Win32.Softomate is a false positive!!!!!!

    Well.... I don't know if it is a false positive or not, but it's true that after deleting the Trojan something does eat up the bandwidth.... I searched for it and I think this is a new trojan, so no other vendor is able to detect it yet.... It recreates itself in the registry... This trojan uses svchost.exe to download the main content into the c:\docu~\username\local settings\temp folder with the name "bit60.tmp" and a file size of 6.3 MB.... The svchost process ID usually starts with 17**... Once my ZoneAlarm detected it, I was able to stop it from downloading again by manually stopping that svchost process to terminate the net connection and by limiting its download speed to 1 byte/sec using bandwidth limiter software.... And then I keep on deleting that tmp file once in a while.... But it's a temporary workaround till a patch is posted by any of the antispyware I use....

    So if it's a false positive, then what is svchost.exe downloading ????

  4. #14
    mjbwebpro Guest

    Re: Zone labs need to fix this Win32.Softomate is a false positive!!!!!!

    Strange, but if that's true, most likely Norton would find it before CA. I don't know. Strange. Something to ponder.

  5. #15
    oxford Guest

    Re: Zone labs need to fix this Win32.Softomate is a false positive!!!!!!

    I did the same thing, except I went into safe mode and emptied all my temp files (IE/Opera/Firefox). [I went into \windows\temp instead of the c:\docu~\username\local settings\temp folder]

    After reinstalling ZA spyware and updating to the latest patch, my bandwidth was looking really consistent and showing really normal speeds, no erratic fluctuations/low bandwidth speeds after...

    Then my bandwidth started ****'ing up, completely, with a 50kps starting max then slowly to 2kps.

    Normal speeds are 90kps high to 88kps low.



    rob


    edit: I have 4 total svchost.exe processes running: "network services, local services, and 2 other ones"

    Message Edited by oxford on 09-07-2006 06:35 PM

  6. #16
    stupidest Guest

    Re: Zone labs need to fix this Win32.Softomate is a false positive!!!!!!

    Well... You see, you need to figure out which svchost.exe process is increasing in size with every passing second while you are connecting to the net and you feel erratic download speeds.... Then try and eliminate it, but rest assured that within minutes it will reappear....

    The workaround I did was that I limited the bandwidth usage of that process using NetLimiter Pro to 1 byte per second, so it will take that malware eons to download the entire 6 MB... lol

    Also note here that deleting the temp content won't help, because just after you delete it, it will reappear.... And it also continues to download from the state you left it in, in case you ever cut off your net connection and then log in again...

    What I did is that I manually created a file " BIT06.tmp" in my c:\docu!\username\local settings\temp folder and made it read-only and hidden..... After I did that, I noticed that the svchost process ID still runs but is unable to download anything..... That means it can't overwrite the file I made.... so it won't eat any bandwidth.... Then again, I don't know for sure how long it will work, and even if it works it's a temporary workaround.... We need something better soon....

  7. #17
    oxford Guest

    Re: Zone labs need to fix this Win32.Softomate is a false positive!!!!!!

    How many svchost.exe's are you picking up in Task Manager?

  8. #18
    stupidest Guest

    Re: Zone labs need to fix this Win32.Softomate is a false positive!!!!!!

    Well.... that doesn't matter.... You can find one or many instances of svchost.exe in your Task Manager.... depending upon the running threads....

    Do one thing: download and install a-squared HiJackFree from the a-squared site and run it... Then find any svchost.exe instance with a process ID starting with 17**, and it should also have the most threads running in it.... in excess of 60.

    You can then kill that process... and then delete that "BIT06.tmp" file and then create a blank file with the same name but read-only attributes.... Remember, it has to be done while that file is being downloaded, i.e. when you face erratic download speeds just after the trojan is deleted by ZoneAlarm....
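
Added example (not part of the posts above, and not ZoneAlarm or a-squared tooling): one way to see which services each svchost.exe instance hosts, how many threads it runs, and which remote hosts it is talking to, before deciding whether to stop anything. It assumes a current Windows release with PowerShell 3 or later and an elevated prompt; the variable names are illustrative.

```powershell
# Added example: inventory every svchost.exe instance so an odd one stands out.
# Assumes Windows 8 / Server 2012 or later (Get-NetTCPConnection) and an elevated prompt.

# Services grouped by the PID of the process hosting them (hashtable keys are strings).
$svcByPid = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object -Property ProcessId -AsHashTable -AsString

# Established TCP connections grouped by owning PID.
$tcpByPid = @{}
Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    ForEach-Object {
        $key = "$($_.OwningProcess)"
        if (-not $tcpByPid.ContainsKey($key)) { $tcpByPid[$key] = @() }
        $tcpByPid[$key] += '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
    }

# One record per svchost.exe: path, thread count, hosted services, remote peers.
Get-CimInstance -ClassName Win32_Process -Filter "Name = 'svchost.exe'" |
    ForEach-Object {
        $key = "$($_.ProcessId)"
        [pscustomobject]@{
            ProcessId      = $_.ProcessId
            Threads        = $_.ThreadCount
            ExecutablePath = $_.ExecutablePath
            CommandLine    = $_.CommandLine
            Services       = if ($svcByPid -and $svcByPid.ContainsKey($key)) {
                                 ($svcByPid[$key].Name | Sort-Object) -join ', '
                             } else { '(none registered)' }
            RemotePeers    = if ($tcpByPid.ContainsKey($key)) {
                                 ($tcpByPid[$key] | Sort-Object -Unique) -join ', '
                             } else { '' }
        }
    } |
    Sort-Object -Property Threads -Descending |
    Format-List
```

An instance whose ExecutablePath is outside the Windows System32 directory, or that hosts no registered service, is the one to examine first; the Services column names what a busy instance is actually running.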

  9. #19
    oxford Guest

    Re: Zone labs need to fix this Win32.Softomate is a false positive!!!!!!

    http://forum.majorgeeks.com/showthread.php?p=844673

    Check the date of this post, dated: 09-05-06 [Sept. 05, 2006]


    edit: the trojan is ONLY new if the author of the trojan changes it to a degree; even if it is to a small degree.

    Message Edited by oxford on 09-07-2006 11:47 PM

  10. #20
    oxford Guest

    Re: Zone labs need to fix this Win32.Softomate is a false positive!!!!!!

    This is an interesting find:


    http://uk.mcafee.com/virusInfo/defau...virus_k=133946



    It describes the registry keys that ZA picked up as the trojan...
