Results 1 to 3 of 3

Thread: Virus Infection

  1. #1
    freddyg Guest

    Default Virus Infection

    Windows XP SP3
    ZoneAlarm Extreme Security 9.3.014.000
    MS InternetExplorer IE 8.0.6001.18702

    I was on the internet and went to a site where it kept downloading something over and over. I finally killed IE using task manager. By then the damage was already done.

    ZA gave no indication at all of a virus. After I closed all open programs I ran a ZA SuperScan. I then rebooted and ran another Superscan. All scans came back clean.

    Once the PC came back up and I tried to run a progam I kept getting notice of an antivirus tool called "XP Extreme ..." (couldn't remember the rest of the title) that kept scanning and finding viruses and I need to register it. I finally found 14 .exe files in my "\doc settings\...\local settings\application data" and one of the programs, mta.exe, was running as a process. After I deleted the progam I could no longer run any programs at all.

    It turns out that the virus modified the "exe and "exefile" registry keys to run the mta.exe while passing the parameters into it. After I removed all 14 .exe files and fixed the registry I was back up and running (hopefully). One of those .exe files was njc.exe which appeared to be a setup file.

    Questions:
    (1) Why didn't ZA catch the virus when it first struck while I was on the internet??
    (2) Why didn't the ZA SuperScan discover the virus before I rebooted and after??
    (3) Why wasn't ZA able to notify me that the virus was making changes to the registry??
    (4) Everything is green on the ZA main page telling me that I am fully protected. My big concern now is "Am I????"


    Thanks
    Fred

  2. #2
    Join Date
    Jun 2006
    Location
    The 3rd Coast - South Central Texas
    Posts
    10,467

    Thumbs up Re: Virus Infection

    Follow ALL the steps as detailed here:

    Malware Clean-up Guidance


    Next: After cleaning it up please review this post:

    xyz was not detected. What I should do?
    Last edited by GeorgeV; April 22nd, 2011 at 06:29 AM. Reason: typo
    GeorgeV
    ZoneAlarm® Extreme Security


    Click here for ZA Support
    Monday-Saturday__ 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    Vanilla Ice Guest

    Thumbs up Re: Virus Infection



    I think it may be best to back up your files and reformat and start afresh as some viruses can install multiple mischief.

    A plugin called 'No Script' for Firefox (free) is very highly regarded and would stop such a drive-by attack, also make sure you have the latest Microsoft updates.

    Take a look at any Firewall logs ZoneAlarm may have generated (Alerts & Logs > Program/Firewall)

    This has happened to me before too, the net is infested with this evil!
    Last edited by GeorgeV; April 22nd, 2011 at 06:28 AM.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Difficult virus infection
    By billkenn in forum Malware Discussion
    Replies: 1
    Last Post: April 24th, 2010, 07:45 AM
  2. Persistant Virus infection
    By cjwilson in forum Malware Discussion
    Replies: 10
    Last Post: April 25th, 2007, 09:04 PM
  3. virus infection only SEEMS to be removed!
    By hate_virus in forum Security Issues
    Replies: 2
    Last Post: June 21st, 2006, 05:56 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •