This was found by Anti-spyware after a full system deep inspection scan (ResHack.exe). I chose to ignore it once, and then decided to run an on-demand scan through the context menu which resulted in nothing being found. Is this a false positive, or does the on-demand scanner not include anti-spyware? I've been able to run ResHack without ZoneAlarm giving me any alerts (apart from communicating with ctfmon.exe). I can't confine the Anti-spyware scanner to scan just the ResHack folder, which I now realise is a limitation of ZoneAlarm itself. Other Anti-Spyware scanners (AVG, Ad-Aware, SuperAntiSpyware) find nothing, and a google search of "ResHack Win32.Dropper" also results in no matches apart from this very thread.
Windows XP Home Edition
ZoneAlarm Internet Security Suite
Message Edited by Sensory on 08-14-2008 08:57 AM