
Thread: I have a virus/spyware Zonealarm Internet Security can't find it.


  1. #1
    rbl Guest

    I have a virus/spyware Zonealarm Internet Security can't find it.

    To be fair Zonealarm's Internet Security was turned off when the virus arrived via an MSN link.
    Within minutes, if not seconds, of its arrival the LAN cable was pulled (physically) to ensure minimum effects on the rest of the LAN and prevent information being removed from the PC.
    The symptoms are:
      • A program %windows%\system32\vwklerax\lsass.exe tries to access the internet each time the PC starts (ZASS asks if it should). This program is 75 Kbytes long as opposed to %windows%\system32\lsass.exe which is 13 Kbytes long.
      • The %windows%\system32\drivers\etc\hosts file has been raided and all access to anti-virus web sites has been blocked.
      • Zonelabs Internet Security's "Load ZoneAlarm Security Suite at startup" becomes unchecked so that next time I boot no protection is given.
      • Windows Explorer options to show hidden and system files become switched off so that you can't see the rogue folder vwklerax or the rogue lsass.exe (not even with a search for hidden files and folders).

    BUT when I run a byte scan of the whole disk and even the rogue lsass.exe file ZASS does not complain.

    Is this a new virus or doesn't ZASS work?

    Any suggestions?




    Operating System:Windows XP Pro
    Product Name:ZoneAlarm Internet Security Suite
    Software Version:6.5
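
Two of the symptoms in the post above (a system binary name running from an unexpected folder, and hosts-file entries for anti-virus sites) can be checked offline from a file listing and a copy of the hosts file. This is an added example, not part of the original thread; the keyword list, the extra protected file names, the `C:\WINDOWS` install path and the sample data are constructed assumptions.

```python
import ntpath  # Windows path rules, usable on any OS for offline triage

# lsass.exe is the name from the post; the other names are added assumptions.
PROTECTED_NAMES = {"lsass.exe", "services.exe", "winlogon.exe", "csrss.exe"}
# Fragments of security-vendor host names (vendors mentioned in this thread).
AV_KEYWORDS = ("zonelabs", "f-secure", "kaspersky", "drweb", "ewido",
               "superantispyware", "virustotal")

def find_masquerading(paths, system32=r"C:\WINDOWS\system32"):
    """Return paths named like a protected system binary but not located
    directly in the System32 directory."""
    expected = ntpath.normcase(ntpath.normpath(system32))
    hits = []
    for p in paths:
        folder, name = ntpath.split(ntpath.normpath(p))
        if name.lower() in PROTECTED_NAMES and ntpath.normcase(folder) != expected:
            hits.append(p)
    return hits

def find_hosts_overrides(hosts_text):
    """Return (ip, hostname) pairs where the hosts file overrides DNS for a
    security-vendor name. Any such entry deserves review, whatever the IP."""
    hits = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, tokenize
        if len(fields) < 2:
            continue
        ip, names = fields[0], fields[1:]
        for n in names:
            if any(k in n.lower() for k in AV_KEYWORDS):
                hits.append((ip, n.lower()))
    return hits

# Constructed sample input, modelled on the symptoms described in the post.
SAMPLE_PATHS = [
    r"C:\WINDOWS\system32\lsass.exe",
    r"C:\WINDOWS\system32\vwklerax\lsass.exe",
    r"C:\WINDOWS\system32\notepad.exe",
]
SAMPLE_HOSTS = """# constructed sample hosts file
127.0.0.1 localhost
127.0.0.1 www.f-secure.com   # added by malware
127.0.0.1 www.kaspersky.com kaspersky.com
"""

if __name__ == "__main__":
    print(find_masquerading(SAMPLE_PATHS))
    print(find_hosts_overrides(SAMPLE_HOSTS))
```

Because the infection hides its folder from Explorer, the path list should come from a source that does not depend on Explorer's view settings, such as a listing taken from the disk on a clean machine.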

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Re: I have a virus/spyware Zonealarm Internet Security can't find it.

    Hi!
    First of all, you are still using an old version of ZASS; you should update it to 7 (a new powerful AV/AS has been implemented).
    But before that you should get rid of the virus...
    Try first with the free Dr.Web cure it: http://www.freedrweb.com/
    You have to run it in SAFE MODE as follows:
    1. Disable System Restore;
    2. Reboot in SAFE MODE
    3. Run Dr.Web cure it
    4. Reboot in Normal Mode
    5. Enable System Restore
    If the above fails you may want to try the Ewido online scan at: http://www.ewido.net/en/onlinescan/
    and also download, update and scan with superantispyware FREE: http://www.superantispyware.com/download.html
    Next remove ZASS 6.5 (keep note of your license).
    To cleanly uninstall you need to follow this procedure: http://www2.nohold.net/noHoldCust542...n_install.html
    Run a registry/system cleaner. ccleaner is quite a good utility (http://www.ccleaner.com/download/downloadpage.aspx?f=3)
    Re-download the installer from here (and do NOT use any download managers): http://www.zonelabs.com/zasuitedownload/
    Install with default settings, do not alter them....
    Once rebooted, manually update the antivirus/antispyware signatures ('update now' under the antivirus/antispyware tab).
    After the update perform a full antivirus/antispyware scan.
    Cheers,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    rbl Guest

    Re: I have a virus/spyware Zonealarm Internet Security can't find it.

    Hello Fax
    Thanks for the advice.
    Do you know the name of the virus that I've got?
    Does your solution require the infected PC to have access to the internet?
    I'm reluctant to reconnect the PC in case it passes personal data to its masters or infects some of my contacts' PCs.
    I note that you suggest using non-ZA products to cure my problem which raises questions in my mind. (e.g. If ZASS can't see it and ZASS can't remove it, would it have stopped it if it had been switched on when it arrived).
    Having been a ZA advocate for many years this is probably the end.
    The license for the PC on which the infection has arrived is due to run out in 7 days and unless things look better than they do right now I probably won't renew it or the other 4 PCs I have for my work.
    Therefore, I may use this "real virus" to test the abilities of the competition.
    It's late here in the UK so I'll have another go with what you suggest tomorrow.

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Re: I have a virus/spyware Zonealarm Internet Security can't find it.

    Hi!
    Well, protecting from viruses is different than cleaning. You should not have disabled ZASS.
    Please also update to ZASS 7. It has a new AV/AS engine by Kaspersky. One of the best on the market right now.
    Yes, you need internet access to download Dr.Web; you could use another PC.
    We are all users here, no ZA staff is monitoring this board. If you would like to change your product you can do it... up to you.
    Please come back with your results....
    Cheers,
    Fax


  5. #5
    rbl Guest

    Re: I have a virus/spyware Zonealarm Internet Security can't find it.

    Hello Fax
    This is the first ever virus infection on one of my PCs (I've been using PCs since before viruses had met PCs), so I don't want to let this one go until I have gotten the most out of it.
    My intention is to erase the infected PC's hard disk and re-install everything but only after I have used this infection to decide on what protection I will trust in the future.
    I have copied the rogue lsass.exe onto a floppy and put the floppy into a PC running ZASS 6.1 and scanned it but nothing was found.
    So I did the same on a PC running F-Secure and it found the trojan win32.vb.bbd.
    As an aside, the infected PC has started running a new program (Mac Cool) for which ZASS (6.5) asks whether I want to allow access to the internet.
    I think my next move will be to either do a clean uninstall of ZASS 6.5 from the infected PC and install ZASS 7 to see if it finds the trojan, or I will set up ZASS 7 on a clean PC and see if it sees the trojan on the floppy.
    I'll try to keep this thread updated while I am playing.
    All the best


  6. #6
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Re: I have a virus/spyware Zonealarm Internet Security can't find it.

    Hi!
    You can simply upload the file to www.virustotal.com and see if Kaspersky will detect it (ZASS engine)...
    By the way, F-Secure also uses the Kaspersky engine... so it should detect the same.
    ZASS 6.X uses the CA engine, very weak on trojans and spyware.
    Cheers,
    Fax
