Thread: Trojans in ZA 80_298_000 from CNET

  1. #1
    fatsoelvis Guest

    Downloaded zaSetup_80_298_000_en.exe from CNET.
    After installation, GLB*.TMP files are appearing in the temp directory.

    I have had a few different ones so far, and they are all the same size at 70KB. How did a trojan end up in ZoneAlarm?

    Could someone please shed some light on this?

  2. #2
    Join Date: Nov 2004 | Location: localhost | Posts: 17,291

    Hi!
    This is normal, no trojan... just temp files.
    Are you running an antivirus? If not, you should do so.

    Cheers,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    fatsoelvis Guest

    Normal?
    GLB5.TMP, the one I found after installing ZoneAlarm, is exactly the same size, at 71,680 bytes.

    http://www.prevx.com/filenames/65076.../GLB5.TMP.html

    Shouldn't we be worried?
    Will it be removed in the next ZoneAlarm update?

    =================

    File Behavior

    GLB5.TMP has been seen to perform the following behavior:

    * Adds products to the system registry
    * This process creates other processes on disk
    * This Process Deletes Other Processes From Disk
    * Enables an In Process Object/Server - Common with DLL Injections
    * Creation and Registration of a Browser Helper Object in Internet Explorer
    * Adds new menu items in the Internet Explorer Right Click menu
    * Changes to the file command map within the registry
    * Executes a Process
    * Executes Processes stored in Temporary Folders
    * Adds a Link in the Start Menu
    * The Process is packed and/or encrypted using a software packing process
    * Registers a Dynamic Link Library File
    * Writes to another Process's Virtual Memory (Process Hijacking)
    * Changes the Internet Explorer Search Page
    * Creates a Toolbar Extension for Internet Explorer
    * Can communicate with other computer systems using HTTP protocols

    GLB5.TMP has been the subject of the following behavior:

    * Executed from Temporary Folders
    * Executed as a Process
    * Has code inserted into its Virtual Memory space by other programs

  4. #4
    Join Date: Nov 2004 | Location: localhost | Posts: 17,291

    And so what?
    Size or name is not enough; you need to check the unique hash. Also, the Prevx database marks it as "been reviewed"... so... no malware.

    Only by actually scanning the file(s) will you know if they are malicious or not.
    Upload it to www.virustotal.com

    Cheers,
    Fax
    Last edited by fax; September 26th, 2009 at 04:56 AM.

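The point made in post #4, that size and file name do not identify a file while its hash does, shown as an added example that is not part of the original thread. The file contents are constructed and the `known` allow-list is hypothetical; in practice it would hold hashes of files you have already verified.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path, chunk_size=65536):
    """Stream the file through SHA-256 so large files are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def inventory(directory, prefix="GLB", suffix=".TMP"):
    """Return {file name: (size in bytes, SHA-256)} for GLB*.TMP files."""
    found = {}
    for path in sorted(Path(directory).iterdir()):
        name = path.name.upper()  # Windows file names are case-insensitive
        if path.is_file() and name.startswith(prefix) and name.endswith(suffix):
            found[path.name] = (path.stat().st_size, sha256_of(path))
    return found


def unrecognised(found, known_hashes):
    """Names whose hash is not in the known set; size and name are ignored."""
    return sorted(n for n, (_, h) in found.items() if h not in known_hashes)


def build_sample(directory):
    """Constructed sample: three GLB files, all exactly 71,680 bytes."""
    size = 71680
    Path(directory, "GLB5.TMP").write_bytes(b"A" * size)
    Path(directory, "GLB6.TMP").write_bytes(b"A" * size)  # same content
    Path(directory, "GLB7.TMP").write_bytes(b"A" * (size - 1) + b"B")  # 1 byte differs
    Path(directory, "notes.txt").write_bytes(b"ignored")  # does not match GLB*.TMP


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        files = inventory(tmp)
        # Hypothetical allow-list: here, the hash of the constructed GLB5.TMP.
        known = {files["GLB5.TMP"][1]}
        for name, (size, digest) in files.items():
            print(f"{name}  {size:>6} bytes  {digest}")
        print("Not in known set:", unrecognised(files, known))
```

All three sample files have the same size and the same naming pattern, yet only two share a hash; the third is the one a size or name comparison would have missed.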
