Results 1 to 4 of 4

Thread: ZA Misses Malware Prevention/Detection/Removal - Google Search Results Hijacked

  1. #1
    justnalias Guest

    Default ZA Misses Malware Prevention/Detection/Removal - Google Search Results Hijacked



    I ve been a very long time ZA user since version 2.0 when it was originally by ZoneLabs. ZA has continually been a great product and has always met my needs and I ve always recommended it to others. However, lately I ve steadily seen problems with the product. After trying to test version 8.0, I had to revert to the last 7.0 version which was more stable because 8.0 had too many issues. Now the most recent issue I m discovering is even the AV and Anti-Spyware software, the walls of defense I ve depended upon for so many years, are penetrable.


    The problem is with IE and my Google search results.
    When I click on a search result link, the page is redirected to something entirely different.
    Most often, I m temporarily sent to web sites/URLs that start with "qiwisearch.com" (I can see them quickly change/searching in the address bar) then ultimately end up at sites with "info.com", but I've also been redirected to other sites.

    My ZA is on automatic definition updates so I know both the AV and Anti-Spy are current. In Normal Mode, I ve already performed a full virus/spyware scan (since ZA doesn t have a Safe Mode scan ability) and nothing was found. Not surprisingly since nothing was prevented/detected coming in to begin with.

    I then downloaded, installed, and updated the FREE version of Malwarebytes' Anti-Malware. Disabled Windows System Restore. Since Trojans can hide in the restore files and just reactivate themselves from there, it s best to disable this function, which in turn deletes the files, until the system is clean then it can be turned back on. Rebooted to Safe Mode, then ran the program and did a complete scan. Malwarebyte s Anti-Malware found 5 infections, 2 registry entries and 3 files, all of which were successfully treated. Then rebooted back to normal mode and ensured all was well, which it was.

    It s quite a shame that ZA didn t detect the malware and was oblivious of its ongoing infection, but even more concerning is it didn t even detect/prevent the initial intrusion. Furthermore, could it remove it even it was aware? Highly unlikely seeing as how ZA doesn t have a Safe Mode scan ability.

    I am no way affiliated with Malwarebyte. I simply found their application to be an effective tool where ZA was not, and so decided to point it out. More importantly, to warn other ZA users of ZA s obvious AV/Anti-Spy vulnerabilities and shortcomings.


    Operating System:
    Windows XP Pro SP3
    Software Version:
    7.0.483.000
    Product Name:
    ZoneAlarm Internet Security Suite


    Anti-virus engine version:3
    Anti-virus SDK version:5.0.1.85
    Anti-virus signature DAT file version:963130134
    Anti-spyware engine version:5.0.189.0
    Anti-spyware signature DAT file version:01.200810.4795
    AntiSpam version:5.0.6.8903

    Message Edited by Justnalias on 11-08-2008 04:15 AM

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,292

    Default Re: ZA Misses Malware Prevention/Detection/Removal - Google Search Results Hijacked

    Hi!no security solution can cover you 100% from malware this is valid for ZA than any other tool.Google hijacking is due to drive by download malware does not happen alone...Its important your keep your system and ZA updated up to the latest patch.You should move, for example, to version 8, nothing worst than running an outdates security tool.To improve your coverage against drive by download malware you can try ZA forcefield, it will add a layer of security around your browser.Finally its important you report malware to ZA, so that detection can be added and your system cleaned with new defintions.See here how to do it: http://smartdefense.zonealarm.com/tm...cReporting.jspCheers,Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    justnalias Guest

    Default Re: ZA Misses Malware Prevention/Detection/Removal - Google Search Results Hijacked



    Thanks for the reply. I concur that no firewall/AV gives 100% perimeter or intrusion protection, however once breeched one should be able to rely on detection/removal of any unwanted activity.

    As I mentioned, I was using version 8, but kept running into issues noticeably increased system resources, system/internet lag, registrations would become corrupt and reset thus disabling AV/ASP updates and causing me to have to unintstall/reinstall (apparently a known issue), and a few other oddities that simply annoyed me. Since I take care of 4 computers at home, and since all of these seemed to be similar issues by many other ZA 8 users, reverting back to the known stable 7.0 version seemed the easiest and best solution.

    Aren t the same definitions used regardless of version 7.x or 8.x? Does 8.0 have the ability to perform a Safe Mode scan?

    Thank you for the link. I will ensure to make a formal report so it may assist in future definitions. The files may still be in quarantine or if not I can at least send the Malwarebyte log.

  4. #4
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: ZA Misses Malware Prevention/Detection/Removal - Google Search Results Hijacked

    Apparently after checking the web, synantec (nortons) and avira and spybot and ad-aware have all missed this troyan(s) as well.
    Not just the ZA alone.
    Oldsod.
    Best regards.
    oldsod

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •