Results 1 to 5 of 5

Thread: New Trojan detected.

  1. #1
    emmsee Guest

    Default New Trojan detected.

    I'm running V 7.0.337 and v3 AV and AS DAT version 01.2007.03.12854
    days ago ZA detected this trojan - "win32.worm.mytob.FN" and offered to delete or quarantine it.I first selected delete but like this guy [http://forums.zonealarm.com/zonelabs...ssage.id=1493] ZASS hangs and hasn't deleted after 2 hours. So I tried Quarantine and it does so but next reboot the trojan is back.Log says:ASW,2007/04/12,01:33:40 +10:00 GMT,Win32.Worm.Mytob.FN,Trojan,Manual

    RegistryKey-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\Password Keeper

    Directory-C:\Documents and Settings\Mike Coleman\Start Menu\Programs\Software by Design

    RegistryKey-HKEY_CURRENT_USER\Software\Software by Design

    RegistryKey-HKEY_CURRENT_USER\Software\Software by Design\Password Keeper for Windows 95/NT

    RegistryKey-HKEY_LOCAL_MACHINE\SOFTWARE\Software by Design

    RegistryKey-HKEY_LOCAL_MACHINE\SOFTWARE\Software by Design\Password Keeper for Windows 95/NT

    RegistryKey-HKEY_CURRENT_USER\AppEvents\Schemes\Apps\PassKeep

    RegistryKey-HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Extensions-RegValueName-pwk

    RegistryKey-HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.pwk

    RegistryKey-HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.pwx

    RegistryKey-HKEY_LOCAL_MACHINE\SOFTWARE\CL
    Password Keeper is a genuine program that I've used since 1998 with no problems.When
    I quarantine the trojan it obviously makes Passwod Keeper unusable [ unless
    I reinstal it and I don't want to do that until I've got rid of the Trojan].
    Any suggestions on how to get rid of this
    regardsMike Coleman

    Operating System:Windows XP Pro
    Product Name:ZoneAlarm Internet Security Suite
    Software Version:7.0

  2. #2
    beechboy Guest

    Default Re: New Trojan detected.

    I've had the same problem concerning the same program (Password Keeper). I'm using the latest v7 updates as of 11 April 7. Could this be a false positve?

    Scan result details:

    RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\Password Keeper
    RegistryKey: HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\P layer\Skins\res://wmploc/RT_TEXT/wmpdxm.wsz
    RegistryKey: HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\P references\VideoSettings
    RegistryKey: HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\FirewallPortMappings
    RegistryKey: HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\General\LatchSet1
    RegistryKey: HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\NATCache
    Directory: C:\Documents and Settings\TEMP\Start Menu\Programs\Software by Design
    RegistryKey: HKEY_CURRENT_USER\Software\Software by Design
    RegistryKey: HKEY_CURRENT_USER\Software\Software by Design\Password Keeper for Windows 95/NT
    RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\Software by Design
    RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\Software by Design\Password Keeper for Windows 95/NT
    RegistryKey: HKEY_CURRENT_USER\AppEvents\Schemes\Apps\PassKeep
    RegistryKey: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Extensions\pwk
    RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.pwk
    RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.pwx
    RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\pwkfile
    RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\pwxfile

  3. #3
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Default Re: New Trojan detected.

    Hi!please report this possible false positive to ZA labs, including where the Password Keeper installer can be downloaded (so they can test it).Report it here: http://www.zonealarm.com/store/conte...are_report.jspFax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Default Re: New Trojan detected.

    Hi!your AS DAT is outdated, please manual update your signature. We are at 1375 and not 1285.If you encounter an error updating it please do the following:1. Close ZA2. Go to C:\WINDOWS\system32\ZoneLabs\Updates3. Remove all files and folders4. Open ZA5. Manual update your AV/AS signatureIf the above fails, try again (point 2 to 5) but in SAFE MODE (with networking).Fax

    Message Edited by fax on 04-12-2007 09:57 AM

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  5. #5
    mirvin Guest

    Default Re: New Trojan detected.

    I too have gotten the same warning. I deleted the reported Trojan, with apparently no problem although I have yet to reboot my machine. Password Keeper
    started alright, but I had to re-set up my options just as you would have to do if installing the program for the first time. All appears to be working so far.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •