Thread: Infected ZoneAlarm?

  1. #1
    ChillyG Guest

    Infected ZoneAlarm?

    I know my computer has been hijacked and is being used as part of a botnet but I am having a heck of a time figuring out how it's infected. I have been using Wireshark to monitor packets going out of my computer and there is something peculiar I have noticed, an HTTP GET that looks like a buffer overflow. The reason I'm posting this here is because the User Agent is Zone Alarm. I think I'm way off base here but this seems odd to me so I thought I would post it here. Also, I'm using Windows Vista Home Premium on an Acer Aspire 6930G. I appreciate any comments or direction pointing anyone can give me. Thanks

    *** Bleep ***

    Host: *** Bleep ***
    Accept-Encoding: gzip
    Accept: */*
    Content-Type: text/plain
    User-Agent: ZoneAlarm/8.0.400.020 (oem-1042; en-US) ZSP/2.2
    HTTP/1.1 200 OK
    Date: Sun, 06 Sep 2009 11:44:13 GMT
    Last-Modified: Sun, 06 Sep 2009 11:44:11 GMT
    Expires: Sun, 06 Sep 2009 12:44:11 GMT
    Response-Code: 404
    Content-Type: application/octet-stream
    Content-Length: 124
    Connection: keep-alive

    ZPDOCBIN..........
    ......(.]..i..L5.'k......5..U~.;.
    $Xb.....,a...........z.....}...$..)..E..R..}mm.)q. .....4......f.Q....zI
    Last edited by GeorgeV; September 6th, 2009 at 05:12 AM. Reason: Violation of "TOU"
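
An added example (not written by either poster): a small Python summarizer for a capture like the one in post #1, which reports the HTTP status line separately from the extra `Response-Code` header and checks whether the body is binary or truncated. The request line, the Host value and the body bytes after `ZPDOCBIN` are constructed placeholders, and the function names are hypothetical.

```python
# Constructed sample: header lines are copied from the capture in post #1.
# The request line and Host were redacted in the post, so placeholders are
# used; the bytes after "ZPDOCBIN" are made up for illustration.
CAPTURE = (
    b"GET /<redacted> HTTP/1.1\r\n"
    b"Host: <redacted>\r\n"
    b"Accept-Encoding: gzip\r\n"
    b"Accept: */*\r\n"
    b"Content-Type: text/plain\r\n"
    b"User-Agent: ZoneAlarm/8.0.400.020 (oem-1042; en-US) ZSP/2.2\r\n"
    b"\r\n"
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Sun, 06 Sep 2009 11:44:13 GMT\r\n"
    b"Response-Code: 404\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b"Content-Length: 124\r\n"
    b"Connection: keep-alive\r\n"
    b"\r\n"
    b"ZPDOCBIN\x00\x01\x28\x5d\x95\x69"
)

def parse_headers(block):
    """Split a header block into its first line and a lower-cased header dict."""
    first, *rest = block.decode("latin-1").split("\r\n")
    headers = {}
    for line in rest:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return first, headers

def summarize(capture):
    """Summarize one request/response pair (assumes a GET with no request body)."""
    req_raw, _, remainder = capture.partition(b"\r\n\r\n")
    resp_raw, _, body = remainder.partition(b"\r\n\r\n")
    _, req_h = parse_headers(req_raw)
    status_line, resp_h = parse_headers(resp_raw)
    declared = int(resp_h.get("content-length", 0))
    printable = sum(32 <= b < 127 for b in body)
    return {
        "user_agent": req_h.get("user-agent"),              # client-supplied string
        "http_status": int(status_line.split()[1]),         # from the status line
        "app_response_code": resp_h.get("response-code"),   # non-standard header
        "content_type": resp_h.get("content-type"),
        "body_prefix": body[:8],
        "binary_body": printable < len(body),               # any non-printable byte
        "truncated": len(body) < declared,                  # capture shorter than declared
    }

if __name__ == "__main__":
    print(summarize(CAPTURE))
```

The User-Agent value is whatever the sending program chose to send, so identifying the responsible process means matching the connection to a process on the machine rather than trusting the header.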

  2. #2

    Re: Infected ZoneAlarm?

    Originally Posted by ChillyG:
    I know my computer has been hijacked and is being used as part of a botnet but I am having a heck of a time figuring out how it's infected.


    1.) The "Response Code: 404" indicates a Browser error: could not find or connect to the Website you were attempting to contact.


    2.) If you think your computer may be infected with malware, please follow the following procedure to clean your computer.

    ----------------------------------------------
    NOTE: The steps below work only if you are on the latest versions of ZA (7.0.470.000 or later). If you are not, please update to the latest version of ZoneAlarm.

    Try to perform a full Antivirus/Antispyware scan but in SAFE MODE WITH NETWORKING.

    1. Disable System Restore;
    2. Set ZA antispyware to "Deep inspection scan" under the advanced options on the ZA antivirus/antispyware tab (detection);
    3. Reboot the computer into SAFE MODE WITH NETWORKING;
    4. Manually run ZASS in SAFE MODE (ZA firewall will be OFF but Antivirus/Antispyware will be functional);
    5. Run a full ZA AV/AS scan;
    6. Reboot in Normal Mode;
    7. Set ZA antispyware back to recommended settings ("Intelligent quick scan");
    8. Ensure System Restore is turned back on.

    NOTE:
    How to start in SAFE MODE WITH NETWORKING
    How to disable windows SYSTEM RESTORE

    If the above fails try to clean your system with:

    1. Download, update and scan with MBAM
    WARNING: Some malware will block the download of this software, rename the installer to a random name before saving and running
    2. Download, update and scan with superantispyware FREE
    WARNING: Some malware will block the download of this software, rename the installer to a random name before saving and running
    3. Download, update and scan with A2 free

    Still problems? Try the bootable CD from DrWeb

    If ALL the above fails, please post your HijackThis log to BleepingComputer or SpywareHammer.

    Please post back here with your progress report.
    Last edited by GeorgeV; September 6th, 2009 at 05:28 AM. Reason: typo
    GeorgeV
    ZoneAlarm® Extreme Security


