To be fair, ZoneAlarm's Internet Security was turned off when the virus arrived via an MSN link.
Within minutes, if not seconds, of its arrival the LAN cable was pulled (physically) to ensure minimum effect on the rest of the LAN and prevent information being removed from the PC.
The symptoms are:
* Program %windows%\system32\vwklerax\lsass.exe tries to access the internet each time the PC starts (ZASS asks if it should). This program is 75 Kbytes long as opposed to %windows%\system32\lsass.exe which is 13 Kbytes long.
* The %windows%\system32\drivers\etc\hosts file has been raided and all access to anti-virus web sites has been blocked.
* Zonelabs Internet Security's "Load ZoneAlarm Security Suite at startup" becomes unchecked so that next time I boot no protection is given.
* Windows Explorer options to show hidden and system files become switched off so that you can't see the rogue folder vwklerax or the rogue lsass.exe (not even with a search for hidden files and folders).
BUT when I run a byte scan of the whole disk and even the rogue lsass.exe file, ZASS does not complain.
Is this a new virus or doesn't ZASS work?
Operating System: Windows XP Pro
Product Name: ZoneAlarm Internet Security Suite
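Two of the symptoms in the post above (a system-named binary sitting outside system32, and hosts entries that sink security-vendor sites) can be checked mechanically. The following is an added example, not part of the original post; the watch list, the sample hosts text, the `.example` hostnames and the `C:\WINDOWS` root are constructed assumptions.

```python
import ntpath

# Assumed watch list: hostname fragments for security vendors (constructed).
WATCHED = ("zonealarm", "zonelabs", "antivirus")
SINK_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}
PROTECTED_NAMES = {"lsass.exe", "svchost.exe", "winlogon.exe"}

def suspicious_hosts_entries(hosts_text):
    """Return (line_no, address, hostname) for watched names mapped to a sink address."""
    hits = []
    for n, raw in enumerate(hosts_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        addr, *names = line.split()
        if addr not in SINK_ADDRS:
            continue
        for name in names:
            if any(w in name.lower() for w in WATCHED):
                hits.append((n, addr, name))
    return hits

def impostor_binaries(paths, system32):
    """Return paths that reuse a protected system file name outside system32."""
    expected = ntpath.normcase(ntpath.normpath(system32))
    found = []
    for p in paths:
        folder, name = ntpath.split(ntpath.normpath(p))
        if name.lower() in PROTECTED_NAMES and ntpath.normcase(folder) != expected:
            found.append(p)
    return found

# Constructed sample data for illustration only.
SAMPLE_HOSTS = """# constructed sample hosts file
127.0.0.1 localhost
127.0.0.1 www.zonelabs.example download.zonealarm.example
0.0.0.0 update.antivirus.example  # sinkholed
192.168.1.10 fileserver
"""
SAMPLE_PATHS = [
    r"C:\WINDOWS\system32\lsass.exe",
    r"C:\WINDOWS\system32\vwklerax\lsass.exe",
    r"C:\WINDOWS\system32\notepad.exe",
]

if __name__ == "__main__":
    for hit in suspicious_hosts_entries(SAMPLE_HOSTS):
        print("hosts line %d: %s -> %s" % hit)
    for path in impostor_binaries(SAMPLE_PATHS, r"C:\WINDOWS\system32"):
        print("impostor:", path)
```

Because the post reports that Explorer's hidden-file options were switched off, the path list is best gathered from a clean boot environment or a directory listing that includes hidden and system files.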