Thread: ZA Scan Quarantines ati2cqag32.dll 4 Times in 7 Days

  1. #1
    tryprotect Guest

    Hello,

    ZA Internet Security Suite scan first quarantined the subject file last week. The file was located in C:\Windows\system32\ati2cqag32.dll. The ZA infection name assigned is HEUR:Trojan.Win32.Generic.

    Prior to ZA initially quarantining and three times since then, we have had problems with Internet Explorer 8 searches being redirected to websites we were not searching for. Immediately after the file is quarantined, the browser problem stops. However, at some point after being quarantined, the computer reinstalls the file, and the browser redirect problem reappears. I have done three ZA scans in Safe Mode with Networking and each time the same file at the same location is quarantined.

    I found one appearance of ati2cqag32.dll in the registry:

    HKEY_CLASSES_ROOT
    CLSID
    {0E9A0007-92D9-46DB-9DDF-0A1C4EA36FD1}
    InprocServer32

    This appears to be a browser redirect, but I could not find anything in this forum or on the internet on how to remove this completely from our laptop. Just in case my internet searches were at risk of being blocked by this infection, I did my research on our uninfected desktop computer.

    Any help would be greatly appreciated. Please let me know if you need additional information.

    Thank you.

  2. #2
    Join Date
    Jun 2006
    Location
    The 3rd Coast - South Central Texas
    Posts
    10,473

    It sounds like you may have been infected while surfing the internet..

    Click on the Following two ZA Forum Links from the Top of the Forum Malware Section and Follow all instructions..

    1.) Sticky: xyz was not detected. What I should do?

    2.) Sticky: Malware Clean-up Guidance
    GeorgeV
    ZoneAlarm® Extreme Security


    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    tryprotect Guest

    GeorgeV,

    I will do as you recommended and write back with the result.

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,292

    Also see here below on how to report false positives to Kaspersky lab:
    How to diagnose and/or report antivirus/antispyware false positives

    Thanks,
    Fax


  5. #5
    tryprotect Guest

    Thanks to all for your replies. I looked through the links you provided and it appears that I was able to resolve the problem. Since I did not exactly follow the path you suggested, the following is to share what I did and what I found, in case someone might find it useful:

    Before my initial post, I had run the ZA "Super Scan" a few times. However, only the ati2cqag32.dll file was detected and quarantined. This file would automatically regenerate a couple of days after each quarantine. I learned that there was an associated .exe file that could not be deleted. As recommended, I turned off Windows System Restore. I also deleted the registry entry associated with the ati2cqag32.dll file and all files that began with ati2cqag32, including the prefetch file. I then added a few letters to the end of the .exe file (changed to ati2cqag32.exeabc) and emptied the recycle bin. I then rebooted into Safe Mode with Networking and re-ran the ZA "Super Scan". This scan found Trojan-Downloader.Win32.Pakes.ha in my renamed file (ati2cqag32.exeabc), which it quarantined. I rebooted normally and saw that ati2cqag32.exe had been regenerated in the Windows/System32 folder during the boot process. I rebooted into Safe Mode again and re-ran the ZA scan. This time the scan associated the Trojan-Downloader.Win32.Pakes.ha with the unaltered .exe file (ati2cqag32.exe). ZA renamed and quarantined it. I rebooted again into Safe Mode and re-ran the ZA scan. This time the scan associated Trojan-Downloader.Win32.Pakes.ha with Windows/System32 file fxst3032.exe, which it quarantined.

    After completing the above, I rebooted normally and saw that all problem files were gone. I rebooted again and nothing had regenerated. Lastly, I did a few internet searches and rebooted. The registry entry that I manually deleted and all problem files still have not regenerated. At this point, unless you feel there is something else I need to do, I believe the laptop is now clear of this trojan. Although there may be no reason to wait, after a few days, I will activate Windows System Restore.

    Thank you again for everyone's input!

    tryprotect

  6. #6
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,292

    Did you scan the file at virustotal? They may have been just false positives.


  7. #7
    tryprotect Guest

    fax,

    I did not scan the files at virustotal. However, when I previously changed the ati2cqag32.exe and ati2cqag32.dll file extensions, the problem immediately stopped and after rebooting the files regenerated and the problem returned. So for these two files, I feel fairly confident that they were the files that caused or contributed to the problem.

    I believe the only file that could be a false positive is fxst3032.exe. I first learned of this file when the ZA scan quarantined it today, and do not know for sure if it was part of the problem. If the laptop starts performing strangely, I will restore the file and scan it at virustotal.

    tryprotect
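
The registry check from the first post and the regeneration check from post #5, as an added PowerShell example that is not part of the thread: it lists every COM `InprocServer32` registration whose server path contains the DLL name and records the file's creation time, SHA-256 and Authenticode status, without changing anything. It assumes PowerShell 4 or later; the variable names and the System32 fallback are choices made for this example.

```powershell
# Added example; not from the thread. $TargetName is the file named in the first post.
param([string]$TargetName = 'ati2cqag32.dll')

# HKEY_CLASSES_ROOT is a merged view, so query the underlying hives directly
# (machine-wide, 32-bit redirected, and per-user registrations).
$roots = 'HKLM:\SOFTWARE\Classes\CLSID',
         'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID',
         'HKCU:\SOFTWARE\Classes\CLSID'

$report = foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($clsidKey in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
        $inproc = $clsidKey.OpenSubKey('InprocServer32')
        if ($null -eq $inproc) { continue }
        # The default (unnamed) value holds the DLL that COM loads for this CLSID.
        $server = [string]$inproc.GetValue('')
        $inproc.Close()
        if ($server -notlike "*$TargetName*") { continue }

        $path = [Environment]::ExpandEnvironmentVariables($server.Trim('"'))
        # A bare file name is resolved through the DLL search path; this example
        # checks System32, where the thread's file was found.
        if (-not [IO.Path]::IsPathRooted($path)) {
            $path = Join-Path $env:SystemRoot "System32\$path"
        }
        $exists = Test-Path -LiteralPath $path -PathType Leaf
        [pscustomobject]@{
            Hive      = $root
            Clsid     = $clsidKey.PSChildName
            Server    = $server
            Exists    = $exists
            Created   = if ($exists) { (Get-Item -LiteralPath $path -Force).CreationTime }
            Sha256    = if ($exists) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash }
            Signature = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $path).Status }
        }
    }
}

$report | Format-List
```

Running it again after a reboot and comparing `Created` and `Sha256` shows whether the registration or the file has come back. The hash can also be looked up on a multi-engine scanning service without restoring the file from quarantine.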
