Thread: malware? or not malware?

  1. #1
    troutamerica Guest

    malware? or not malware?

    ZA Security Suite 6.5.737.000
    TV security eng ver. 6.5.737.000
    Driver Ver 6.5.737.000
    Anti-virus Vet eng DAT file ver 11.9979.000
    Anti-spyware DAT file ver 01.200609.355
    AntiSpam ver

    Recently I've noticed continued alerts from ZA for a file "mswinup" to access the internet. I have denied them, while trying to discover what the file is. I ran ZA spyware and virus scans and they failed to find any malware. Some internet sites listed this program (mswinup) as malware. Is it?

    During the scan I noticed one of the files being scanned was named "Shadow32" - a very suspicious name. Internet searches indicated the file could be malware or part of some key logger program which I have never knowingly installed. (I have to conclude from this, that my version must be malware.)

    My issue is why isn't zonealarm finding these files during scans????

    Lastly, I keep getting this "zaspy.dll" (That's not the exact name. Can't remember it right now.) "not found" error message when ZA tries to analyze any file I retrieve from the internet. I've seen some messages about this error but none that have helped me fix the problem.

    I would like some help in getting the most out of ZA if my settings are the problem, and comments on what software others are using to make up for ZA's shortcomings if in fact ZA is missing these spyware files.

    Thanks in advance.

    Operating System:Windows XP Pro
    Product Name:ZoneAlarm Internet Security Suite
    Software Version:6.5

  2. #2

    Re: malware? or not malware?

    Sounds like spyware using "Windows like" names to confuse people. Download other anti-spyware products and scan with those like ones in my signature.

  3. #3
    wire Guest

    Re: malware? or not malware?

    When I do a deep scan on ZA I keep getting this trojan win32.askyaya. I have deleted it like 20 times now, and I tried to delete it in my reg where ZA told me it was: RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2B7A0F0-B697-4A71-8D91-43443F57D7BB}. Does anyone know how to get rid of this, and what is it really? I have Spybot, Ad-Aware, spydr and did Trend Micro (online) and they never get it! Is this a false alarm? Please e-mail, thanks, wire :-)

    ** Please don't post your e-mail address**

    Message Edited by Greb49er on 09-30-2006 08:00 AM

  4. #4
    Join Date
    Dec 2005

    Re: malware? or not malware?

    It appears to be the real malware, not a false positive.

    BHO/CLSID/Toolbar Deep Dive

    Field        Value
    GUID         {A2B7A0F0-B697-4A71-8D91-43443F57D7BB}
    Filename     estAlive.dll
    Object Name  estAliveObj Class
    Status       X BHO
    Description  AskYaya aka Estalive adware

    Viewed 411 times since 23 May 2005, 1840 Hours UTC-4.



    "X" - Certified spyware/foistware, or other malware
    "L" - Legitimate items
    "O" - Open to debate
    "?" - Unknown Status
    "BHO" - Browser Helper Object
    "TB" - Toolbar

    Please look at the details about AskYaya

    And look at the details about EstAlive

    Do a search for this using {A2B7A0F0-B697-4A71-8D91-43443F57D7BB} in the Find of the registry and delete them manually. The CLSID sections of the registry are a common hiding place for these types of malware. After deleting the estAlive.dll and the slew of other related .dlls and any .exes, try using CCleaner to help remove some of the leftovers...

    An excellent reg cleaner that does cover the CLSID area of the registry is the Abexo Free Registry Cleaner.

    Hope this helps


    Message Edited by Oldsod on 09-30-2006 12:20 PM

    Product Name:ZoneAlarm Anti-Spyware
    Software Version:6.5
    Best regards.
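
An added example, not part of the thread or of any poster's tooling: a registry-wide search for the GUID returns different kinds of keys, and a key under `ActiveX Compatibility` whose `Compatibility Flags` value has the `0x400` kill bit set tells Internet Explorer not to load the control, while the `Browser Helper Objects` and `CLSID\...\InprocServer32` keys are where a BHO is actually registered. This Python code parses `reg export` text (assumed already decoded from UTF-16) and labels each key that contains the GUID; the sample export, the `C:\EXAMPLE` path and the function names are constructed for illustration.

```python
import re

GUID = "{A2B7A0F0-B697-4A71-8D91-43443F57D7BB}"  # GUID quoted in the thread
KILL_BIT = 0x400  # "Compatibility Flags" bit that tells IE not to load the control

# Constructed sample in `reg export` text form (not from a real machine);
# the C:\EXAMPLE path and the BHO key are assumptions for illustration.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2B7A0F0-B697-4A71-8D91-43443F57D7BB}]
"Compatibility Flags"=dword:00000400

[HKEY_CLASSES_ROOT\CLSID\{A2B7A0F0-B697-4A71-8D91-43443F57D7BB}\InprocServer32]
@="C:\\EXAMPLE\\estAlive.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A2B7A0F0-B697-4A71-8D91-43443F57D7BB}]
'''

def parse_reg(text):
    """Return {key_path: {value_name: raw_data}}; multi-line hex values are not joined."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            name, data = line.split("=", 1)
            current[name.strip('"')] = data
    return keys

def classify(text, guid=GUID):
    """Return (key, meaning) for every exported key whose path contains the GUID."""
    findings = []
    for key, values in parse_reg(text).items():
        low = key.lower()
        if guid.lower() not in low:
            continue
        meaning = "other reference"
        if "\\activex compatibility\\" in low:
            m = re.fullmatch(r"dword:([0-9a-f]{8})", values.get("Compatibility Flags", ""), re.I)
            blocked = m is not None and (int(m.group(1), 16) & KILL_BIT) != 0
            meaning = "kill bit set (IE blocks this control)" if blocked else "compatibility entry, no kill bit"
        elif "\\browser helper objects\\" in low:
            meaning = "BHO registration (IE loads this DLL)"
        elif low.endswith("\\inprocserver32"):
            meaning = "COM server DLL: " + values.get("@", "").strip('"').replace("\\\\", "\\")
        findings.append((key, meaning))
    return findings

if __name__ == "__main__":
    for key, meaning in classify(SAMPLE):
        print(meaning, "<-", key)
```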
