Thread: ZA Extreme security didn't detect hoax.html.fakeantivirus.a

  1. #1
    aks19 Guest

    ZA Extreme security didn't detect hoax.html.fakeantivirus.a

    Hi,

    I was using the latest version of ZA Extreme Security when my laptop was struck with the hoax.html.fakeantivirus.a virus. Even though ZA detected the virus, it could not clean/delete the virus. My system used to hang at random intervals. None of the browsers (IE, Firefox, Chrome) could work for more than 12-20 mins. While surfing the web my browser used to hang, and the only option I was left with was to reboot the system.

    ZA reported the virus at the following location.
    --------------------
    Description Anti-virus successfully scanned file and/or system for viruses
    Date / Time 2009-12-20 23:01:42-5:00
    Type Scan
    Virus name
    Filename C:\Documents and Settings\Ashok\Local Settings\Temporary Internet Files\Content.IE5\SZHJP6KX\jquery-init[1].js ...
    Action Scan completed
    Mode Manual
    E-mail

    ----------------------------

    To solve the problem I uninstalled ZA and installed ~~snip ~~ another antivirus trial version. It was able to detect the Trojans/viruses and cleaned them successfully. Since I have a license for ZA, I will reinstall ZA after 30 days.
    I just wanted to share my experience so that it can help someone.

    ~~ Snip ~~

    Here are the viruses found
    -------------------
    Status: Deleted (events: 8)
    12/21/2009 11:25:17 PM Deleted Trojan program Backdoor.Win32.Agent.anno File C:\System Volume Information\_restore{41AA47D9-083A-45E8-A2B6-2AD98D72EB5F}\RP4\ A0009205.dll High
    12/21/2009 11:25:03 PM Deleted Trojan program Backdoor.Win32.Agent.ajkm File C:\System Volume Information\_restore{41AA47D9-083A-45E8-A2B6-2AD98D72EB5F}\RP4\ A0009204.dll High
    12/21/2009 11:25:02 PM Deleted Trojan program Backdoor.Win32.Agent.anno File C:\System Volume Information\_restore{41AA47D9-083A-45E8-A2B6-2AD98D72EB5F}\RP5\ A0010010.dll High
    12/21/2009 11:25:23 PM Deleted Trojan program Backdoor.Win32.Agent.anno File C:\System Volume Information\_restore{41AA47D9-083A-45E8-A2B6-2AD98D72EB5F}\RP5\ A0010591.dll High
    12/21/2009 11:25:23 PM Deleted Trojan program Trojan-Spy.Win32.Agent.bcja File C:\System Volume Information\_restore{41AA47D9-083A-45E8-A2B6-2AD98D72EB5F}\RP5\ A0010592.dll High
    12/21/2009 11:25:25 PM Deleted Trojan program Backdoor.Win32.Agent.anmp File C:\System Volume Information\_restore{41AA47D9-083A-45E8-A2B6-2AD98D72EB5F}\RP5\ A0010674.dll High
    12/21/2009 11:25:26 PM Deleted Trojan program Backdoor.Win32.Agent.anmo File C:\System Volume Information\_restore{41AA47D9-083A-45E8-A2B6-2AD98D72EB5F}\RP5\ A0010678.dll High
    12/21/2009 11:25:26 PM Deleted Trojan program Backdoor.Win32.Agent.ajkm File C:\System Volume Information\_restore{41AA47D9-083A-45E8-A2B6-2AD98D72EB5F}\RP5\ A0010691.dll High
    Status: Disinfected (events: 1)
    12/21/2009 11:25:35 PM Disinfected Trojan program Backdoor.Win32.Sinowal.fka Physical disk sector \Device\Harddisk0\ DR0 High
    Status: Quarantined (events: 4)
    12/21/2009 11:50:31 PM Quarantined virus HEUR:Exploit.Script.Generic File C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\C53QBSCN\ u3d[1].pdf High
    12/21/2009 11:50:31 PM Quarantined virus HEUR:Exploit.Script.Generic File C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\C53QBSCN\u3d[1].pdf// data0001 High
    12/21/2009 11:50:31 PM Quarantined virus HEUR:Exploit.Script.Generic File C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\C53QBSCN\u3d[1].pdf// data0002 High
    12/21/2009 11:50:31 PM Quarantined virus HEUR:Exploit.Script.Generic File C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\C53QBSCN\u3d[1].pdf// data0003 High
    -------------------------------
    Last edited by fax; December 22nd, 2009 at 10:16 PM. Reason: indirect advertising - Violates forum rules

  2. #2
    Re: ZA Extreme security didn't detect hoax.html.fakeantivirus.a

    Did you follow these instructions?
    http://forums.zonealarm.com/showthread.php?t=70448

    Most of the entries are of little concern. Some are in the Internet Explorer cache, others in the restore points; it is usually enough to purge the restore points and clean the cache. The only dangerous one is related to the Sinowal Trojan. Scanning in SAFE MODE with Networking should have done the trick, no need to install other tools.

    Check if you are running any vulnerable software by executing this:
    http://secunia.com/vulnerability_scanning/online/

    And never ever trust anything other than ZA that tells you that you are infected. Simply close the window and you will be fine. Also ensure you are running the very latest ZAX version.

    Overall, this A vs. B thread is of little use; there may be hundreds of different reasons for ZA not being able to remove the threats listed, from corruption of ZA files or bad settings, to an outdated version being used or incorrect operations. You should have come before removing ZA and asked for support, and not now to show how good the other solution is.

    Cheers,
    Fax
    Last edited by fax; December 23rd, 2009 at 01:08 AM.

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays
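
The triage reasoning in reply #2 (cached and restore-point copies versus the disk-sector detection), as an added example that is not part of the thread: a Python script that parses report lines in the format posted in #1 and groups detections by where they sit. The sample lines, the `<GUID>` placeholder, the bucket names and the fourth (system32) line are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format of the scan report in post #1;
# <GUID> is a placeholder and the system32 line is invented for the catch-all case.
SAMPLE_LOG = r"""
12/21/2009 11:25:17 PM Deleted Trojan program Backdoor.Win32.Agent.anno File C:\System Volume Information\_restore{<GUID>}\RP4\A0009205.dll High
12/21/2009 11:25:35 PM Disinfected Trojan program Backdoor.Win32.Sinowal.fka Physical disk sector \Device\Harddisk0\DR0 High
12/21/2009 11:50:31 PM Quarantined virus HEUR:Exploit.Script.Generic File C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\ABCD1234\u3d[1].pdf High
12/21/2009 11:51:02 PM Deleted Trojan program Backdoor.Win32.Agent.ajkm File C:\WINDOWS\system32\example.dll High
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<action>Deleted|Disinfected|Quarantined) "
    r"(?P<kind>Trojan program|virus) "
    r"(?P<name>\S+) "
    r"(?P<objtype>File|Physical disk sector) "
    r"(?P<location>.+) (?P<severity>\w+)$"
)

# Ordered rules, first match wins. Anything unmatched is treated as a
# detection on the live filesystem and deserves a closer look.
RULES = [
    ("boot-sector", lambda e: e["objtype"] == "Physical disk sector"),
    ("restore-point", lambda e: "\\system volume information\\_restore" in e["location"].lower()),
    ("browser-cache", lambda e: "\\temporary internet files\\" in e["location"].lower()),
]

def parse(log):
    """Yield one dict per report line that matches the expected layout."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def triage(log):
    """Group detection names by the kind of location they were found in."""
    buckets = defaultdict(list)
    for e in parse(log):
        label = next((n for n, pred in RULES if pred(e)), "live-filesystem")
        buckets[label].append(e["name"])
    return dict(buckets)

if __name__ == "__main__":
    for label, names in triage(SAMPLE_LOG).items():
        print(f"{label:16} {len(names)}  {', '.join(sorted(set(names)))}")
```
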

  3. #3
    Re: ZA Extreme security didn't detect hoax.html.fakeantivirus.a

    One post removed, please keep on topic and no user/attitude/GURU/whatever feedback or comment. This is a ZA product-related forum, not a discussion board or a feedback section.

    Thanks!

    Fax

