
Thread: Win32.New.s

  1. #1
    panbarrick Guest

    Default Win32.New.s

    Ran an antivirus/antispyware scan and ZA said it found Win32.New.s in C:\WINDOWS\$NtServicePackUninstall$\notepad.exe. Recommended I delete it as it could record keystrokes, change files, and alert another user whenever I'm online. Has anyone heard of this? Had a similar experience about a month ago which I'd quarantined. What steps should I take now to ensure security?

    Operating System:Windows XP Home Edition
    Product Name:ZoneAlarm Internet Security Suite
    Software Version:7.0

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,284

    Default Re: Win32.New.s

    Hi! Was it the antispyware or the antivirus that detected it? Looks to me more like a false positive, but you never know... If you have access to the supposedly infected executable, please upload it to www.virustotal.com to get an assessment by more than 30 antivirus engines.
    Fax

    Message Edited by fax on 05-30-2007 08:53 AM

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    panbarrick Guest

    Default Re: Win32.New.s

    Antispyware detected it. The antivirus scan always reverts back to 0, clearing all data... Also I updated ZA and it had me reboot to take effect.

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,284

    Default Re: Win32.New.s

    Ok, it may be a false positive... Try to report it to ZALabs and ask for support. Here is the place to report false positives: http://www.zonealarm.com/store/conte...are_report.jsp You may want to contact ZA technical support directly at: www.zonelabs.com/tsform
    Fax
    P.S. If you know what you are doing, you could restore the file and upload it to www.virustotal.com to check if it is a false positive, but if you are not comfortable with malware, better to contact ZA directly.

    Message Edited by fax on 05-30-2007 09:01 AM


  5. #5
    technoweary Guest

    Default Re: Win32.New.s

    I received this "Trojan" this morning but it was based in a different directory:
    Win32.News.s
    D:\1386\SYSTEM32\notepad.exe
    and
    D:\Mini NT\System32\notepad.exe
    I did a scan overnight and came up with this "Trojan ?" this morning.
    It did not automatically quarantine it but recommended I quarantined it.
    I did quarantine it and ZA recommended I delete it for the reasons listed in the above post (can get passwords, and access to your computer and cd drives.)
    I have not deleted it as of yet because it seems based in my recovery drive.

    I rebooted computer and did another scan and this "Trojan" is not listed
    by type as a "Trojan" anymore but as an "Other"
    and it does not give a name anymore (ie. where it was listed as Win32.News.s before, it now is blank in the "name" slot.) And ZA recommends I just keep it in Quarantine now and not delete.
    I don't know what to do with it now?

  6. #6
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,284

    Default Re: Win32.New.s - False Positive seems fixed with AS DAT AS 01.200705.1675

    Hi! Thanks for the info, probably they have corrected the false positive in the new AS signature just released (01.200705.1675). Just restore it from the quarantine... and run the scan again.
    Fax

    Message Edited by fax on 05-30-2007 10:48 AM


  7. #7
    technoweary Guest

    Default Re: Win32.New.s - False Positive seems fixed with AS DAT AS 01.200705.1675

    Thanks Fax.
    I restored the "Other," rebooted the computer, and did two spyware scans and they came up clean.
    Thanks for the help

  8. #8
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,284

    Default Re: Win32.New.s - False Positive seems fixed with AS DAT AS 01.200705.1675

    You're welcome... Glad to hear that the problem is solved... usually ZA Malware Labs are quite fast in fixing false positives.
    Cheers,
    Fax


  9. #9
    pesche Guest

    Default Re: Win32.New.s - False Positive seems fixed with AS DAT AS 01.200705.1675

    Hi,
    I've suddenly been getting unprompted shutdowns while performing the deepest-possible ZA anti-spyware scan. When I finally managed to complete one such scan, there was one item in the list:

    Win32.New.s
    The advice was to quarantine it, but I deleted it, so have no further access to rescan it with other software.
    Has anyone else been having shutdown problems?
    Pesche

  10. #10
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,284

    Default Re: Win32.New.s - False Positive seems fixed with AS DAT AS 01.200705.1675

    Hi! It may be good, when doing a deep scan with ZA AS, to do it in SAFE MODE. But the intelligent quick scan should be fine, no need of deep scan...
    Fax

