Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Ntos.exe - Does Zonealarm provide protection?

  1. #1
    pipps Guest

    Default Ntos.exe - Does Zonealarm provide protection?

    I have been running a paid for and up to date version of Zonealarm on a fresh installation of Windows XP SP2.
    I have found that my computer is infected with ntos.exe and its associated virus.
    I would be interested to know what protection Zonealarm provides against this virus?

    Operating System:Windows XP Pro
    Software Version:
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    Join Date
    Dec 2005
    Posts
    8,990

    Default Re: Ntos.exe - Does Zonealarm provide protection?

    I believe the ntos.exe (some form of banker trojan) is labeled as "Trojan-Downloader.Win32.Agent.bvz" by kaspersky labs and it'description (by kaspersky labs, which is the antivirus scanner used in your ZASS) is seen here:

    http://www.viruslist.com/en/viruses/...virusid=162985

    The ntos.exe should be detected and deleted by the antivirus of the ZASS.

    Oldsod.
    Best regards.
    oldsod

  3. #3
    pipps Guest

    Default Re: Ntos.exe - Does Zonealarm provide protection?

    Yes, you're right. Ntos.exe is also
    described here. Though removal
    is not quite as easy as simply finding the file and deleting it.
    And yes, you would also expect a Zonealarm Antivirus scan with up to date virus definitions to find the ntos.exe virus. But it doesn't.
    I am rather unhappy, that after paying a subscription to Zonealarm, the firewall is unable to block this virus entering my system, and is unable to find the virus once it has embedded itself into my registry.
    My question - is how can Zonealarm purport to provide virus protection, when viruses like this are able to happily enter my system?

  4. #4
    Join Date
    Dec 2005
    Posts
    8,990

    Default Re: Ntos.exe - Does Zonealarm provide protection?

    Did a full scan in the safe mode yet?

    Oldsod.
    Best regards.
    oldsod

  5. #5
    pipps Guest

    Default Re: Ntos.exe - Does Zonealarm provide protection?

    A full scan in safe mode is the first thing that I did.
    It is interesting to note that, according to Norton at this page, the ntos.exe virus actually checks for the presence of zlclient.exe before installing itself.
    My experience has quite conclusively shown that Zonealarm is incapable of defending against ntos.exe.

  6. #6
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,678

    Default Re: Ntos.exe - Does Zonealarm provide protection?

    Hi!
    upload ntos.exe to www.virustotal.com and see if kaspersky is detecting it.
    It may be a new variant. If it does you may have a problem with your ZA installation (corrupted).

    If it does not then report it to newvirus at kaspersky dot com. Subject: malware
    Attached the file in a password protected zip. Include password in the e-mail.

    If confirmed it will be added to the AV signature.

    Cheers,
    Fax

    Message Edited by fax on 06-04-2008 11:56 AM

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  7. #7
    pipps Guest

    Default Re: Ntos.exe - Does Zonealarm provide protection?

    The Panda Activescan free online scan found the ntos.exe in my system.
    And the Norton website provided explicit instructions on how to ensure its removal from my system registry.
    It makes me wonder why I even bother paying for or using Zonealarm.

  8. #8
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,678

    Default Re: Ntos.exe - Does Zonealarm provide protection?

    Hi!
    again, if you find a virus not detected by KAV you need to send it to the malware analyst.
    No AV software will cover you from 100% of the threads nowadays.

    Today is KAV tomorrow is Norton or Panda or X, Y, Z product.

    The steps provided will ensure that 1. you check ZA is working properly, 2. you ensure the thread is added to the malware database.

    Cheers,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  9. #9
    pipps Guest

    Default Re: Ntos.exe - Does Zonealarm provide protection?

    Hi. Thanks for your advice. But if the virus, its activity, and a recommended removal procedure are documented in so much detail on the Norton support website, and even a free online scan like Panda Activescan is also aware of it, then why would Zonealarm not provide protection against this malicious virus as a matter of course?

  10. #10
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,678

    Default Re: Ntos.exe - Does Zonealarm provide protection?

    Hi!
    two possibilities:

    1. Your ZA is corrupted
    2. The malware is a new variant not recognized by the AV. You need to consider that of the Trojan-Downloader.Win32.Agent.XXX there are hundreds of variants (XXX) and new ones are created and modified every day or every week. So Symantec or panda or KAV may detect Trojan-Downloader.Win32.Agent.abc but not Trojan-Downloader.Win32.Agent.abd and so on...

    To know point 1: you have just to upload the file to virustotal, if it is detected by Kaspersky then there is something wrong with your ZASS installation
    For point 2: you need to inform the vendor that 'Trojan-Downloader.Win32.Agent.abd' is not detected and send the malware sample.

    Cheers,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •