
Thread: Spyware scan 99% ==> ZASS hangs on Win32.Rootkit.Vanquish

  1. #1
    tomte Guest

    Spyware scan 99% ==> ZASS hangs on Win32.Rootkit.Vanquish

    Hello,
    after uninstalling and freshly installing ZoneAlarm Internet Security Suite (ZASS) 6.5 from zaSuiteSetup_65_737_000_de.exe (27.944KB) updating and scanning works fine just once but subsequent scans never end, they always show "Spyware ... Elemente geprueft: 99%".

    There is not even a way to stop ZASS scanning, it asks if it really should finish but continues scanning (18 hours ...). Screenshots are available.

    There is also a contradiction: it says Anti-Spyware finished, but 99% is not really finished:

    Viren-/Spyware-Pruefung
    Pruefungsfortschritt
    Pruefungsdetails
    Aktuelle Daten: Win32.Rootkit.Vanquish

    Anti-Virus - In Bearbeitung
    Dateien geprueft: 539.529
    Dauer: 18:33:09
    Infizierungen gefunden: 0

    Anti-Spyware - Abgeschlossen (=finished!)
    Elemente geprueft: 99% (though finished!)
    Dauer: 0:00:41
    Spyware gefunden: 0

    I sent ZA a report on weekend, and after sending there was no way to end ZASS except by rebooting.
    I am not even sure if my email arrived at ZA or has been caught by the Rootkit.

    I know that Rootkit malware is able to hide itself.
    - Could my ZASS itself be infected?
    - Would ZASS detect this Rootkit?
    - How can I check against Rootkits? Most important ...
    - How can I prevent against Rootkits after next fresh Windows installation?

    Google did not find any hit on "Win32.Rootkit.Vanquish" (infected itself? ... starting to drive crazy? ...)

    Best regards
    Thomas

    Operating System:Windows XP Pro
    Product Name:ZoneAlarm Internet Security Suite
    Software Version:6.5

  2. #2
    tomte Guest

    PS: Spyware scan 99% ==> ZASS hangs on Win32.Rootkit.Vanquish

    PS: The ugly or dangerous consequence is that I must decide to
    - either ignore that endless scanning slows down my system (no)
    - or reboot each time (uff, that is my actual choice)
    - or disable ZASS to get rid of the problem - and of security (no!)

    Thomas

  3. #3
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,289

    Re: PS: Spyware scan 99% ==> ZASS hangs on Win32.Rootkit.Vanquish

    Hi!
    Try this http://www.greatis.com/unhackme/vanq...kitremoval.htm
    it should help.
    Cheers,Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  4. #4
    Join Date
    Dec 2005
    Posts
    9,057

    Re: PS: Spyware scan 99% ==> ZASS hangs on Win32.Rootkit.Vanquish

    The Sophos rootkit detector (freeware) will do it for you >

    http://www.sophos.com/products/free-...i-rootkit.html

    Oldsod
    Best regards.
    oldsod

  5. #5
    tomte Guest

    Warning: "vanquishrootkitremoval" / "UnHackMe" fake installs AdWare!

    Warning: That "UnHackMe" fake installs AdWare: "vanquishrootkitremoval" or "UnHackMe" (unhackme310.exe in unhackme.zip)

    Thank you for trying to help, but via the provided link "http://www.-greatis.-com/-unhackme/v...oval.htm" I got a fake called "UnHackMe" (unhackme310.exe in unhackme.zip) that infected my computer with the Chinese AdWare "Borlander" instead of Rootkit scanning.

    While other Rootkit scanners like "Sophos Anti-Rootkit" or "Spyware-Doktor" take longer than 10 minutes, this "UnHackMe" fake took less than a second, so at least did not scan files.

    Because that was suspicious, I checked my Computer with
    - "Sophos Anti-Rootkit" ==> nothing found
    - "Spyware-Doktor" ==> "Scan Results: 5 Infections:

    Borlander C:\Windows\Temp\~DF2F2.tmp Elevated
    Borlander C:\Windows\Temp\~DF7866.tmp Elevated
    Borlander C:\Windows\Temp\~DFE871.tmp Elevated
    Borlander C:\Windows\Temp\~DFF8B4.tmp Elevated
    Borlander C:\Windows\Temp\~DFF8CB.tmp Elevated

    Borlander is not a virus. It is a Chinese AdWare that ...

    It can not be removed with the trial version of Spyware Doctor."

    Please note that I had scanned my computer using "Sophos Anti-Rootkit" and "Spyware-Doktor" right before installing "UnHackMe".

    So I deleted those 5 infected files from C:\Windows\Temp
    and started Spyware Doctor scanning again: 0 infections detected anymore.

    I suspect "UnHackMe" being just AdWare, not a Rootkit-checker nor -remover at all.

    Best regards,
    Thomas

  6. #6
    tomte Guest

    Re: PS: Spyware scan 99% ==> ZASS hangs on Win32.Rootkit.Vanquish

    Hello Oldsod, thank you for hint and help!

    I downloaded and installed the evaluation version. It could not find any Rootkit, because .... see new thread "Path Length Overflow / Recursion caused ZASS to hang"

    Thanks a lot!,
    Thomas

  7. #7
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,289

    Re: Warning: "vanquishrootkitremoval" / "UnHackMe" fake installs AdWare!


    <blockquote>tomte wrote:
    Warning: That "UnHackMe" fake installs AdWare: "vanquishrootkitremoval" or "UnHackMe" (unhackme310.exe in unhackme.zip)

    Thank you for trying to help, but via the provided link "http://www.-greatis.-com/-unhackme/v...oval.htm" I got a fake called "UnHackMe" (unhackme310.exe in unhackme.zip) that infected my computer with the Chinese AdWare "Borlander" instead of Rootkit scanning.
    </blockquote>

    Sorry to say that unless "greatis company" has changed its policy recently, the Unhackme rootkit scanner is a safe and well known rootkit scanner (not free). For reference, see http://www.spywarewarrior.com/ where all rogue/Suspect Anti-Spyware products are listed. You can also have a look here: http://www.spywarewarrior.com/uiuc/soft5.htm#rootkit where legitimate and trusty rootkit scanners are listed (including unhackme).
    If you feel that this is not correct please send feedback to spywarewarrior to check....
    Cheers,Fax

    Message Edited by fax on 11-28-2006 08:44 AM


  8. #8
    Join Date
    Dec 2005
    Posts
    9,057

    Re: PS: Spyware scan 99% ==> ZASS hangs on Win32.Rootkit.Vanquish

    Hi tomte

    Freeware rootkit tools from >

    http://www.microsoft.com/technet/sys...tRevealer.mspx

    http://www.f-secure.com/blacklight/

    also a beta from AVG>

    http://fileforum.betanews.com/detail...t/1154697799/1

    plus the Microsoft Malicious Software Removal does find a few rootkits.

    Also there is one called Ice Sword and it is a little tricky to use and the original version is in Chinese. You may find an English version. I doubt if there is a German version. It is supposed to be extremely good.



    fax is very correct. Unhackme is a legitimate software and is not a rogue application.

    http://fileforum.betanews.com/detail...e/1103207240/1

    As a general rule I use a file/reg cleaner before using a rootkit finder tool. It does eliminate all the false readings.

    Glad to hear that things are clean now.

    Oldsod
    Best regards.
    oldsod

  9. #9
    Join Date
    Dec 2005
    Posts
    9,057

    Re: Warning: "vanquishrootkitremoval" / "UnHackMe" fake installs AdWare!

    Yes I agree with you, fax.
    Unhackme is a "clean" application. Thanks for the list of antirootkit tools.

    Oldsod
    Best regards.
    oldsod

  10. #10
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,289

    Re: Warning: "vanquishrootkitremoval" / "UnHackMe" fake installs AdWare!

    Thanks Oldsod for the support :8}!! Well, it may well be that something has changed but I really doubt that this is the case...
    Cheers,Fax


