Results 1 to 10 of 10

Thread: Win32.Click.527. (Trojan)

  1. #1
    spellsword Guest

    Default Win32.Click.527. (Trojan)

    I just ran a scan using Zone Alarm and it detectedWin32.Click.527) type Trojan
    Located in:C:\windows\system32\Macromed\Shockwave 10\gtapi.dll
    How do I deal with this **bleep**er? Is it even really there?
    I just finished dealing with the aftermath of theWin32.Trojan.Dropper.Small.156)
    thing (Yeah, it got me too...)
    I reinstalled my machine's OS and all programs from a backup disk and was surprised to see this appear. Aside from connecting to Zone Alarm's servers to download the latest definitions & patches I haven't gone anywhere on the web or installed any suspicious software.
    It 'is' possible it was already on the backup. Is there any way to make sure that what's being detected really is (Win32.Click.527) and if so, how do I eradicate it? And what is it capable of?
    It's on my business machine so I'm pretty much
    completely
    screwed till this is dealt with.

    Operating System:Windows XP Home Edition
    Software Version:7.0
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    johnsonmr Guest

    Default Re: Win32.Click.527. (Trojan)

    This may not be relevant, but ... I run the computer XP Pro 24/7 with ZA Security Suite, last restart was probably 7/29. This am (8/4) I did a restart, and the screeen went blank after the Windows splash screen. I could "hear" windows start up, music etc, email arriving, etc. but the screen was blank. Went to another computer and was able to access the files over the network, so the computer was booting just fine but not displaying. Unable to enter Safe Mode. After stumbling a while trying to solve what I thought was a video problem (switching monitors, etc), decided I
    had probably corrupted a driver.
    I restored (Acronis True image) the C:\ parition from last nights backup. No joy. Since I do daily images I worked back and discovered the problem went away after restoring from 7/31. Following startup, Virus scanner ran and detected a virus -- I didn't write down the name but it had a Win32..... Trojan notation. I recalled that I had encountered this before and had done the recommended quarntine. Things had run fine until I attempted to restart today (8/4). Not thinking this virus was related to a video problem, I deleted it an went on, not being alert enough to copy down the name. I subsequently tried a restart and the old problem returned. I restored from 7/30 backup, the virus scan did not detect a virus, and all seems well at this point. It appears that ZA is not handling that virus -- whichever one I encounted, correctly. Anyone seeing anything similar?

  3. #3
    montynj Guest

    Default Re: Win32.Click.527. (Trojan)

    I had a similar experience. My ZA scan detected Win32.click.527 as a Trojan and I quarantined it as suggested. When I then rebooted my computer, I heard it go through the start up process but the screen went black as soon as windows (XP) started to load. After several attempts at rebooting, I rebooted into windows safe mode and everything came up OK so I did a system restore to the previous day (which was prior to the scan and quarantine) and everything worked fine.

    I've done web several searches for it but have found nothing about Win32.click.527 out there, including nothing on the Zone Alarm site. This was the second seemingly False Positve I've had on Zone Alarm in two weeks.

  4. #4
    johnsonmr Guest

    Default Re: Win32.Click.527. (Trojan)

    Yeah - Security becomes an even more serious problem when the AntiVirus program is unreliable - and the staff dosen't take action (at least as far as I am aware)
    to provide notification regarding the issue. I have used Norton Anti virus since
    the early 80's and it never failed me. I just switched the ZA AV this spring. Maybe that will prove to be a mistake.

  5. #5
    montynj Guest

    Default Re: Win32.Click.527. (Trojan)

    I've been using zone alarm for years and it has generally been reliable.
    Not sure what is going on the past few weeks though with 2 false positives.

  6. #6
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Default Re: Win32.Click.527. (Trojan)

    Hi!please report the false positives to: http://www.zonealarm.com/store/conte...are_report.jspBe sure of reporting as much details as possible to ZL labs so that they can fix itfast.Cheers,Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  7. #7
    bkwestbury Guest

    Default Re: Win32.Click.527. (Trojan)

    I encountered a similar situation to some of those already described above in this thread.
    In my case ...
    ZA Security Suite purported to have detected a trojan named Win32.Click.527, with the relevant details being:File: c:\Documents and Settings\Administrator\Local Settings\Temp\gtapi.dll
    Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Google
    The above file, gtapi.dll is 45,056 bytes in size, and has the following MD5 signature: b19256632fd0ba5bed01e80e29402384
    I scanned this file online at the following two sites:
    http://virusscan.jotti.org/
    http://www.virustotal.com/Both online scans found nothing suspicious about it.
    I believe that there is a strong likelihood that my system was clean at the time of the ZASS Spyware scan (and presumably still is!) as its state at the said time was generated by the following procedure1) Hard drive wiped and restored with a reputable OEM
    supplied factory reset/recovery HD image.
    (2) XP SP2 installed from Microsoft supplied CD.
    (3) ZoneAlarm (free version) installed from CD from a leading and reputable national PC Magazine.
    (4) Tested internet access by visiting www.google.com (The main page loaded, but I didn't conduct any searches).
    (5) ZoneAlarm (free version) updated online.
    (6) Windows updated online.
    (7) Replaced ZoneAlarm (free version) with a trial version of ZA Internet Security Suite.
    (8) Updated ZA Internet Security Suite online.
    (9) Scanned my system for viruses and spyware using ZA Internet Security Suite.
    As it can be seen, at the time of the ZASS Spyware scan, I had only ever visited reputable sites (Microsoft, ZoneLabs, and the Google main page).
    Additionally, I always have a firewall operative whenever I'm online.
    Hence, at the time of the ZASS Spyware scan,
    my computer hadn't been exposed to any real significant threats/risks.Also, I haven't noticed anything problematic with the operation of my computer.
    I submitted a 'suspected false positive' report to ZoneLabs, and they promptly replied with the following words:"This issue will be fixed in the next database update."
    Indeed,
    once the next spyware database update was applied, ZASS no longer reported the presence of Win32.Click.527.
    So, in my case at least, the 'detected' Win32.Click.527 trojan was actually a false positive.
    Hope this helps!

    ---------------------

    ZoneAlarm Security Suite version:7.0.363.000
    TrueVector version:7.0.363.000
    Driver version:7.0.363.000
    Anti-virus engine version:3
    Anti-spyware engine version:5.0.172.0
    Anti-spyware signature DAT file version:01.200708.2145
    AntiSpam version:5.0.6.8903

  8. #8
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Default Re: Win32.Click.527. (Trojan)

    Thank you for your report...Always keep detected malware in the quarantine for a certain period of time and do not delete it ... this way you can easily restore the file if it is found to be a false positive.Cheers,Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  9. #9
    spellsword Guest

    Default Re: Win32.Click.527. (Trojan)

    Thanks for the help.
    Sorry about the delay in my reply.
    Personal status update:
    I no longer detect the 'Win32.Click.527' so all is well.

  10. #10
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Default Re: Win32.Click.527. (Trojan)

    Hi!thank you for your feedback... glad to hear your issue is solved.Cheers,Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •