Results 1 to 8 of 8

Thread: Trojan-Ransom.Win32.Hexzone.gen

  1. #1
    chrislay Guest

    Default Trojan-Ransom.Win32.Hexzone.gen

    I received a troubling message this morning when I opened up Microsoft Money. I am wondering (hoping) if it is a false positive: Trojan-Ransom.Win32.Hexzone.gen was found in C:\Program Files\Microsoft Money Plus\MNYCoreFiles\surfinet.dll on 11/13/2008 8:17:04

    The above file was quarantined by ZA-AV, however I cannot find it in the noted directory (or on the computer at all) to send along. Are quarantined files stored elsewhere? Also, when I open Microsoft Money Plus Deluxe (17.0.120.1415) it now thinks I am running the trial version. This has been registered for over a year. Any help would be appreciated!

    Thanks,
    Chris

    XP Pro SP3 current
    ZA Suite ver 8.0.059.000
    TV engine 8.0.059.000
    Driver ver 8.0.059.000
    AVir engine 6.0.2.678, DAT file ver 963469518
    ASpy engine 5.0.202.0, DAT file ver 01.200811.4835
    ASpam ver 5.0.61.9957

    Operating System:Windows XP Pro
    Software Version:8.0
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    scottmd Guest

    Default Re: Trojan-Ransom.Win32.Hexzone.gen

    Chris I have the same exact situation, The (virus) (If that's what it is) is
    part of the distributed copy of Microsoft Money, I
    thought I had possibly become infected and I
    scanned the setup.exe file that installs money and
    Zone-Alarm detected it as
    Trojan-Ransom.Win32.Hexzone.gen. If you scan the setup file zone alarm will quarantine it.
    So be aware of this.
    I have sent an email for support to Microsoft and am awaiting a response. I also attached the money.exe setup file so that they can see that the questionable virus is part of the actual setup program. I will post their response here.
    RegardsScott.

  3. #3
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Default Re: Trojan-Ransom.Win32.Hexzone.gen

    Hi!its probably a false positive. Upload the file to www.virustotal.com and check what other scanner says about it.To report false positives please see here:http://forum.zonelabs.org/zonelabs/b...essage.id=3780Cheers,Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  4. #4
    goldy Guest

    Default Re: Trojan-Ransom.Win32.Hexzone.gen

    It looks like at least 3 of us are having the same problem! Each day that ZA scans, it finds the "virus" again then quarantines it but it keeps coming back. I certainly hope it is a false positive due to the nature of software that is possible infected! Can't pay bills or download my cleared transactions due to the "Trial version" message. Had mine for over a year as well.
    I look forward to a quick resolution.

  5. #5
    evolved_lad Guest

    Default Re: Trojan-Ransom.Win32.Hexzone.gen

    I had the same problem, so I restored the quarantined files.
    After that, when I tried to open my Money file, it didn't recognize my user id/password.
    I'm guessing my Money file got mangled when it ran earlier using the quarantined files.
    I just restored
    my Money file
    from the most recent backup, and it worked.

  6. #6
    ctintheusa Guest

    Default Re: Trojan-Ransom.Win32.Hexzone.gen

    We have the same thing too. Wonder what has caused this to suddenly start up. I installed a new version of Zone Alarm Virus Scan (engine 8.0.059.000, dat file 8.0.059.000, driver 8.0.059.000) and that's when the problems started. I have reinstated the quarantined "virus" and MS Money is still telling me I have a trial version. I am going to reinstall from CD and see if that sorts out the "trial version" issue but assume ZA will just quarantine the file again. Any news at this point?

  7. #7
    scottmd Guest

    Default Re: Trojan-Ransom.Win32.Hexzone.gen

    OK, The problem seems to have been resolved, with the update on 11-14 to zone alarm virus definitions. Microsoft's response was to totally uninstall the and re-install the program...Duh!
    As described below. I did nothing at all of course and its fine. I also uploaded the file (surfinet.dll) to www.virustotal.com. Thanks for the tip from guru
    fax
    . At first there were two virus detections, but subsequent re-analysis of the file has yielded no virus detected. So everyone must now be all set hopefully.
    From Microsoft,
    ... "I
    need you to completely remove the program from your computer, and then scan for any virus. Once you have finished scanning please install Money again and run a scan. This will determine if there is a virus or if there is where the virus may be.

    Below I am providing you with the steps to remove and reinstall Money; before you remove the program you need to make sure you can install it once again." ....




    To remove and reinstall the program follow the following article;




    http://support.microsoft.com/kb/895866




    Again everyone should be all set.




    Regards

    S.

  8. #8
    chrislay Guest

    Default Re: Trojan-Ransom.Win32.Hexzone.gen

    Thanks Scott! I sent the DLL file to Kaspersky, no return message as of yet, but it does appear to have been removed from the last definition list.
    On your Money reinstall, did you have to re-activate? I ended up taking the surfinet.dll out of the installer and puttng it back in the \MNYCoreFiles directory. So far, it seems fine, but I will follow up if I get any Trial version messages down the line.

    Chris

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •