Results 1 to 2 of 2

Thread: Rollback.ini

Hybrid View

  1. #1
    mikejfs Guest

    Default Rollback.ini

    I'm currently using ZA Security Suite 7. I've spent the last 5 days cleaning out a very stubborn trojan. Now that I'm clean I want to stay that way so the question I'm asking is probably just me being paranoid. lol

    I've noticed that there is a file called rollback.ini located on my hard drive. When I opened the file here's what it says.

    [AvailableForRollback]
    entry0=0(master.xml)
    entry1=1(kavset.xml)
    entry2=2(dailyc.avc)
    entry3=3(daily-ec.avc)
    entry4=4(base079.avc)
    entry5=5(daily.avc)
    entry6=6(daily-ex.avc)
    entry7=7(black.lst)
    entry8=8(avp.klb)
    [AvailableForRollback:0(master.xml)]
    FileName=master.xml
    LocalPath=C:/WINDOWS/system32/zonelabs/avsys/root/
    ChangeStatus=Modified
    [AvailableForRollback:1(kavset.xml)]
    FileName=kavset.xml
    LocalPath=C:\WINDOWS\system32\zonelabs\avsys\Bases/
    ChangeStatus=Modified
    [AvailableForRollback:2(dailyc.avc)]
    FileName=dailyc.avc
    LocalPath=C:\WINDOWS\system32\zonelabs\avsys\Bases/
    ChangeStatus=Modified
    [AvailableForRollback:3(daily-ec.avc)]
    FileName=daily-ec.avc
    LocalPath=C:\WINDOWS\system32\zonelabs\avsys\Bases/
    ChangeStatus=Modified
    [AvailableForRollback:4(base079.avc)]
    FileName=base079.avc
    LocalPath=C:\WINDOWS\system32\zonelabs\avsys\Bases/
    ChangeStatus=Modified
    [AvailableForRollback:5(daily.avc)]
    FileName=daily.avc
    LocalPath=C:\WINDOWS\system32\zonelabs\avsys\Bases/
    ChangeStatus=Modified
    [AvailableForRollback:6(daily-ex.avc)]
    FileName=daily-ex.avc
    LocalPath=C:\WINDOWS\system32\zonelabs\avsys\Bases/
    ChangeStatus=Modified
    [AvailableForRollback:7(black.lst)]
    FileName=black.lst
    LocalPath=C:\WINDOWS\system32\zonelabs\avsys\Bases/
    ChangeStatus=Modified
    [AvailableForRollback:8(avp.klb)]
    FileName=avp.klb
    LocalPath=C:\WINDOWS\system32\zonelabs\avsys\Bases/
    ChangeStatus=Modified


    I just want to make sure that it's not another program trying to change ZA settings. Is this a normal ZA file/procedure?

    Thanks!

    Operating System:Windows XP Pro
    Product Name:ZoneAlarm Internet Security Suite
    Software Version:7.0

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,290

    Default Re: Rollback.ini

    Hi!rollback.ini is a legitimate file used by ZASS KAV engine.In case of problem with corrupted AV signature an automatic rollback feature will restore previous signature.Nasty trojans and malware may have installed unwanted rootkits. Some rootkits are very difficult to detect and/orremove...I would reccomend you let malware specialist analyse your system to be sure you are clean.See here:http://www.castlecops.com/f67-Hijack...ans_Oh_My.htmlBefore posting, please read the mandatory steps:http://www.castlecops.com/t102301-Hi...e_Posting.htmlCheers,Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •