For 3 months ZAP has logged blocked outbound connection attempts to reach a malware site, syssecuritypage.com. My machine was running 6.1.744.001 when this started, I updated to 6.5.737.000 and it continued.
Yesterday I performed a low level reformat of my disc drive, reloaded XP Pro and downloaded a fresh copy of 6.5.737.000. Now ZAP is telling me msimn.exe (O.E.) is attempting to reach syssecuritypage.com. I ran msimn.exe through the on-line virus scan at virustotal.com, it was clean. Before the reinstall ZAP warned that Internet Explorer, Firefox, explorer.exe and winlogon.exe were attempting to reach syssecuritypage.
I ve run security scans with ZAP anti-spyware, NOD32, Spysweeper, Trojan Hunter, Spybot and Ad Aware. Before reloading my OS I additionally ran scans with hijackthis, several rootkit, SmitFraud, Vundo and other detection software packages. All scans were negative.
Syssecuritypage is one of the Smit Fraud Trojans, see http://www.virusvault.co.uk/fusionbb...ic.php?tid/81/ . I ran SmitFraudFix, a tool developed to detect and remove this pest, nothing was found.
The wipe and new OS install should have removed all malware. Now I suspect ZAP maybe recording false positives as I ve not seen any of the behavior of a SmitFraud infection, pop ups warning that a PC is infected and advice to download their security software to remove the pests.
I need to find out whether ZAP is recording false positives and how to either stop the warnings or find out why they are occurring. I d appreciate any help you could provide.
Operating System:Windows XP Pro
Product Name:ZoneAlarm Pro