I recently had a whole rack of trouble. I first noticed it all when I all of a sudden had a pop-up at startup, and any other time explorer.exe started, that stated Personalized Settings for C:\windows\system32\wmhost.exe s . I was having trouble clicking the desktop and taskbar, as both would give a critical error sound and no message. Lag and all sorts of other issues known to be caused by malware. When I ran a Google search I turned up tons of warnings from Sophos and other sites that this file is a trojan. I had scanned the night previous to this with my ZA, which is:

ZA Security Suite V 7.0.337.000
TV Security Eng. V 7.0.337.000
Antivirus engine V 3, DAT file version 20070512105000

All my updates were up to date and ZA did NOT find the file as an issue. So, I manually packed it into a 7z archive to forward to ZoneLabs, and manually removed the file after killing explorer's process. I ran regbot and removed the keys it had put there, and ever since I have had no problem, except I want a signature for this if possible.
Can I post the attachment or email it to ZoneLabs for analysis, or should I destroy it? I trust ZA for my needs as it is far superior to other security solutions, and I can vouch for that as I test software for a living and have ALWAYS come back to ZA with pleasure. What follows is a summary by Sophos of this file:

Name: Troj/Bckdr-QHS
Type: Trojan
Affected operating systems: Windows
Side effects: Installs itself in the Registry
Aliases: BackDoor-CEP.svr
Protection: Download virus identity (IDE) file
Protection available since: 28 April 2007 16:05:50 (GMT)
Detected by: All versions of Sophos Anti-Virus
Included in our products from: June 2007 (4.18)

Is there an easier way to get this type of file to ZA? I'd suggest a place in the antivirus tab to submit this type of thing, but I am sure you would all be overwhelmed by silly submissions.
Operating System: Windows XP Pro
Product Name: ZoneAlarm Internet Security Suite