Results 1 to 9 of 9

Thread: Weekly Scan Showed 3 Trojan-Downloader. Need help again.

  1. #1
    dannyeluciane Guest

    Default Weekly Scan Showed 3 Trojan-Downloader. Need help again.

    Hello,
    I apologize if I am posting too much.
    My ZASS is set to scan weekly.
    Tonight, the scan detected 3 Trojan-Downloader. The log reads the following:
    Type: TreatVirus Name: Trojan-Downloader.JS.Agent.bwpFile Name: C:\Documents and Settings\Administrador\Configura es locais\Temp\#ISW.FS#\Normal\fffffffffffffdf7.iswAc tion: QuarantinedMode: Manual.
    Type: TreatVirus Name: Trojan-Downloader.JS.Agent.bwoFile Name:
    C:\Documents and Settings\Administrador\Configura es locais\Temp\#ISW.FS#\Normal\fffffffffffffdfa.iswAc tion: QuarantinedMode: Manual
    Type: TreatVirus Name: Trojan-Downloader.HTML.Agent.ijFile Name: C:\Documents and Settings\Administrador\Configura es locais\Temp\#ISW.FS#\Normal\fffffffffffff04.iswAct ion: QuarantinedMode: Manual
    Can anyone tell me if the above viruses are a threat and if I have to do anything else to my computer, like format, reinstall windows, or change all my passwords?
    I honestly don't know how I got these viruses.
    The only warning I received today was when I was visiting a friend's church website ZASS and not
    ZAFF
    mentioned that it blocked access to a spy site, but the church site loaded.I did get 3 suspicious behavior alerts, it had something to do with Microsoft (C) wanting to access the internet. I set it to deny, because I never saw the alert before and I wasn't using the computer at the time. I just came in an noticed the alert.
    I did report a suspicious file to www.virustotal.com the other day, which turned out to be a virus. But I didn't open or run the file. I posted a thread about this. http://forums.zonealarm.org/zonelabs...essage.id=3727

    Again, I apologize if I am posting too much.Danny
    My WIndows is XP Pro in Portuguese.
    I use ZASS & ZAFF.
    I am behind a NAT Router.
    ZoneAlarm Security Suite version:7.0.473.000
    TrueVector version:7.0.473.000
    Driver version:7.0.473.000
    Anti-virus engine version:3
    Anti-virus SDK version:5.0.1.85
    Anti-virus signature DAT file version:950775632
    Anti-spyware engine version:5.0.189.0
    Anti-spyware signature DAT file version:01.200805.3845
    AntiSpam version:5.0.6.8903
    ZoneAlarm ForceFieldVersion 1.0.331.0




    Operating System:Windows XP Pro
    Software Version:7.0
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Weekly Scan Showed 3 Trojan-Downloader. Need help again.


    <blockquote><hr>dannyeluciane wrote:
    Hello,
    I apologize if I am posting too much.
    My ZASS is set to scan weekly.
    Tonight, the scan detected 3 Trojan-Downloader. The log reads the following:
    Type: TreatVirus Name: Trojan-Downloader.JS.Agent.bwpFile Name: C:\Documents and Settings\Administrador\Configura es locais\Temp\#ISW.FS#\Normal\fffffffffffffdf7.iswAc tion: QuarantinedMode: Manual.
    Type: TreatVirus Name: Trojan-Downloader.JS.Agent.bwoFile Name:
    C:\Documents and Settings\Administrador\Configura es locais\Temp\#ISW.FS#\Normal\fffffffffffffdfa.iswAc tion: QuarantinedMode: Manual
    Type: TreatVirus Name: Trojan-Downloader.HTML.Agent.ijFile Name: C:\Documents and Settings\Administrador\Configura es locais\Temp\#ISW.FS#\Normal\fffffffffffff04.iswAct ion: QuarantinedMode: Manual
    Can anyone tell me if the above viruses are a threat and if I have to do anything else to my computer, like format, reinstall windows, or change all my passwords?
    I honestly don't know how I got these viruses.
    The only warning I received today was when I was visiting a friend's church website ZASS and not
    ZAFF
    mentioned that it blocked access to a spy site, but the church site loaded.I did get 3 suspicious behavior alerts, it had something to do with Microsoft (C) wanting to access the internet. I set it to deny, because I never saw the alert before and I wasn't using the computer at the time. I just came in an noticed the alert.
    I did report a suspicious file to www.virustotal.com the other day, which turned out to be a virus. But I didn't open or run the file. I posted a thread about this. http://forums.zonealarm.org/zonelabs...essage.id=3727

    Again, I apologize if I am posting too much.Danny
    My WIndows is XP Pro in Portuguese.
    I use ZASS & ZAFF.
    I am behind a NAT Router.
    ZoneAlarm Security Suite version:7.0.473.000
    TrueVector version:7.0.473.000
    Driver version:7.0.473.000
    Anti-virus engine version:3
    Anti-virus SDK version:5.0.1.85
    Anti-virus signature DAT file version:950775632
    Anti-spyware engine version:5.0.189.0
    Anti-spyware signature DAT file version:01.200805.3845
    AntiSpam version:5.0.6.8903
    ZoneAlarm ForceFieldVersion 1.0.331.0




    Operating System:
    Windows XP Pro
    Software Version:
    7.0
    Product Name:
    ZoneAlarm Internet Security Suite

    <hr></blockquote>


    I can't figure out the .isw file extension.
    Clean the IE browse's r caches and see what there is left.
    Or use the disk clean or a file cleaner such as ccleaner.
    First release the files from the scanner before deleting.
    Sounds like these are files from a web site and deleting these should solve the problem.

    Best regards.
    Oldsod.
    Best regards.
    oldsod

  3. #3
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,289

    Default Re: Weekly Scan Showed 3 Trojan-Downloader. Need help again.

    Hi!please flash your ZAFF virtual data (Settings --&gt; Advanced tab --&gt; "clear virtual data")This will remove all the nasties on your system. Those files are from ZAFF temp area.Cheers,Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  4. #4
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Weekly Scan Showed 3 Trojan-Downloader. Need help again.


    <blockquote><hr>fax wrote:
    Hi!
    please flash your ZAFF virtual data (Settings --> Advanced tab --> "clear virtual data")
    This will remove all the nasties on your system. Those files are from ZAFF temp area.


    Cheers,
    Fax
    <hr></blockquote>


    AH. That explains the unknown file extensions!
    These are ZAFF files!
    Was under the impression if the ZAFF was in use it would have it's own seperate caching and not use the window's default folders.
    But then again I never used the ZAFF.
    Thank you Guru Fax.
    Best regards.
    Oldsod.
    Best regards.
    oldsod

  5. #5
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,289

    Default Re: Weekly Scan Showed 3 Trojan-Downloader. Need help again.

    You're welcome :8}All drive-by-download are contained in that temp area.If not automatically cleaned, a simple flash of the sandbox (virtual area) will give back the IE/firefox system in itsoriginal state...Cheers,Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  6. #6
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Weekly Scan Showed 3 Trojan-Downloader. Need help again.


    <blockquote><hr>fax wrote:
    You're welcome :8}
    All drive-by-download are contained in that temp area.
    If not automatically cleaned, a simple flash of the sandbox (virtual area) will give back the IE/firefox system in its
    original state...


    Cheers,
    Fax
    <hr></blockquote>
    Sweet and simple!
    Best regards.
    Oldsod.
    Best regards.
    oldsod

  7. #7
    dannyeluciane Guest

    Default Re: Weekly Scan Showed 3 Trojan-Downloader. Need help again.

    Again I thank you for Guru Fax and Guru Oldsod for all the help.
    I cleared the Virtual data from ZAFF and also used the CCleaner.
    I didn't realize that these were in the ZAFF temp files.I imagine that ZAFF didn't automatically clean it, because I was using the web browser to send e-mails during the virus/antispyware scan.Also, I found the site that did the driveby download, unfortunately, it was my friend's church website.
    I did a check LinkScanner (http://linkscanner.explabs.com/linkscanner/default.asp), you can type the URL of a website and they will check it for malware.

    My friend's site
    came up positive for malware.
    I think I will take the time to mention in my church, that people need to take
    malware threats and Internet security
    seriously.
    An unprotected
    or infected computer can easily spread malware
    throughout the church, before anyone realizes.

    I would like to see my
    entire
    church to
    use ZASS and ZAFF.
    I thank you all for the help.
    I don't have time to Google everything with my questions. I apologize if I clutter the user
    forum.
    My wife is very sick with bone cancer and has had 3
    major surgeries this year, and will need
    4 more.
    So my time is very
    tight
    among caring for her, my 2yr old, and my work.

    I do a lot of work through my computer and I can't risk getting virus or spyware.
    Thanks for all the help,Danny






  8. #8
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,289

    Default Re: Weekly Scan Showed 3 Trojan-Downloader. Need help again.

    Hi!sorry to hear about your family problems.Just a warning on the use of ccleaner, it may have strange effects on ZAforcefield (at least here) and browsing (not loading pictures).If you want to use ccleaner, either you exclude that temp folder or you need to clean your cache from IE (without ZAFF) after having flashed ZA virtual data.Cheers,Fax

    Message Edited by fax on 05-12-2008 03:18 PM

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  9. #9
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Weekly Scan Showed 3 Trojan-Downloader. Need help again.

    I hope your friends site gets cleaned up and properly secured.
    Good luck in your days and God Bless.

    Oldsod.
    Best regards.
    oldsod

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •