Is this a false positive?

    mickeyrodent

    I have a spyware scan hang on the same file at the same spot every time.

    This is a new PC, XP Pro.

    I decided to try different spyware scanning programs even though my old pc's Adaware & Spybot seemed to do well for me. I know there are better things out there, so I am auditioning the ZA product (have always used the firewall and liked that).

    I set the scanner to do a deep scan on its first scan of my PC. Twice it has hung on Win32.Trojan.Dropper.VB.MP (at 85% of the scan complete).

    I did some research on this and don't really find anything exactly with this name, although many have similar names, such as .VBS

    I did some searches for files like "mendoza.exe" (which were listed as Trojan Dropper files on some web sites) with no success. There don't seem to be any unfamiliar services running. At that stage of my scan (85%), the number of detected "spyware" items was 0. Never having used this product, I don't know what I should have expected, but no cookies at that point? Anyway, I am stumped. I'm thinking of trying a few of my old standbys to see if I get the same hit.

    One other weird thing - ZA AV monitoring says I have no detectable AV (which is not true - I have AVG running and working great)

    martytx

    "One other weird thing - ZA AV monitoring says I have no detectable AV (which is not true - I have AVG running and working great)"
    This ZoneAlarm site lists the AV programs ZA recognizes. Click the first "Hot Issue" at the bottom of the page:
    However, I think they're really "Ice Cold Issues", since the "newest" product mentioned goes back to 2005!

    naivemelody

    From what you have listed, it appears you have ZoneAlarm Anti-virus and AVG 'free' anti-virus?? Having two anti-virus programs on a pc will cause problems; simply disabling/deactivating is not enough - one av must be properly un-installed before adding a new av. See/click here >

    Just One, Not Two -- Never use two anti-virus products at the same time. Completely uninstall one before installing another. Use the vendor's uninstall utility or if not available, use the Windows XP add/remove software tool in the control panel.

    See >

    Question: which anti-spyware are you using that gave you this scan result?? There is a difference between anti-virus scanning and anti-spyware scanning; please be precise as to what you are expressing.

    mickeyrodent

    Now I see where you got the idea I was running 2 AVs (I would never do that). When you create a new message, the form provides drop down lists for OS, software versions, etc. It either got messed up when I did it, or the choices were confusing or not specific - I don't remember - but I do see the ZA antivirus listed in my thread, which is not true.

    The anti spyware I was asking about the false positive and scanner freeze was the ZA I was taking for a test drive. I did not download the whole suite. I already had just the ZA firewall, and I only added the anti-spyware.

    Here's what I'm using:

    ZA Firewall and Anti Spyware

    AVG Free AV

    Since this happened, I have downloaded the AVG scanner and it didn't detect any trojans.

    I don't care about the Anti-Virus detection working. According to the link included by another poster, ZA obviously does not recognize AVG, so that's a non issue.

    naivemelody

    Ok, typos, if I read you right - you had ZA Free firewall and added/installed ZA Anti-Spyware?? If you have both installed = bad. ZA Free firewall plus ZA Anti-spyware {this includes its own separate firewall plus ZA's anti-spyware module} - you can't add ZA Anti-spyware firewall product to another existing ZA firewall product - the firewalls do not combine/unify. You would have to properly un-install ZA Free firewall first with one of those 'un-install' instructions, before installing the new ZA Anti-spyware. {complicated - ah-h}. If you had properly un-installed the ZA Free firewall and have properly installed ZA Anti-spyware - disregard the previous/above message - just covering all the bases/possibilities. But...

    if you had not, then the ZA Anti-spyware scanner is causing a big problem with ZA Free - which also includes (ZA anti-spyware module picking up the "hidden/non-functioning 'ZA Suite'" = [Kaspersky anti-virus - drivers/files] within ZA Free's program/files - a bit complicated).

    Other thoughts: the deep scan of ZA Anti-spyware "may" have produced - a false positive; that's one possible factor for them to recommend the 'quick scan.'

    mickeyrodent

    Interesting... Whenever I upgrade ZA it always asks if you want a complete Uninstall/Install, or just the upgrade. When I decided to try the Anti Spyware, ZA asked the same question. Often I do a complete uninstall first, but I decided I didn't want to go through training it on my software settings, so I just let it upgrade instead.

    When I opened the program (after two reboots to "upgrade") my firewall had a different interface with more features. I assumed ZA knew what it was doing when the installer asked me what to do with the upgrade/full install question, and it was just giving me a 30 day free trial on the whole kit. So, if this is not what's happening, it might explain why the scan doesn't work. The firewall works fine.

    I have no other firewall. I didn't want to try the suite because I am happy with my AV, and I didn't want to bloat this thing out past what I normally use, like IM protection, etc. So, what do I do? Uninstall ZA, install the trial product, then if I don't like it, uninstall and reinstall the old product? That sounds like a lot of trouble to go to. I am seeing periodic popups with "TrueVector errors" and then it says it must close. ZA is still there, and it's still active, and zclient is still in my process list.

    When I go to close the firewall, the tray menu says "Shut Down Zone Alarm Anti Spyware." When I go to the start menu, the shortcut says "Zone Alarm Security." I think ZA makes that unnecessarily confusing.

    mickeyrodent

    I wish this was just a serial thread. See one of my previous posts. I have only one AV, and never had anything other than AVG from start to finish. There's no facility for editing posts, so we may be chasing a cat up the wrong tree... lots of good suggestions on here, but no cigar so far.

    ZA suggested I go to msconfig and uncheck all startup programs other than ZA, run my scan, and see what happens, plus to hide all MS services, then, if the scan works, go back to msconfig and start adding start up programs 5 at a time to narrow it down to a culprit.

    Part of me wants to just forget it, and part of me is curious. As much as I like ZA's firewall... I may just bag the anti spyware.

