Thread: [SOLVED] Virus in my archived zaSuiteSetup_101_079_000.exe --> false positive

  1. #1
    Join Date
    Jul 2005
    Posts
    46

    I have this and other installers, documents and stuff in a partition of my HD set aside for that. I also record the contents of this partition to rewritable DVDs from time to time. All of this for backup purposes.

    A manual scan performed some hours ago detected Trojan-Downloader.Win32.Banload.btbm in the HD copy of this file. The file was quarantined automatically and I suspected it could be a false positive, so I waited.

    A while ago I thought that I could scan a copy burnt to RW-DVD. I have two of them, recorded on January 1st and January 18th this year (I use 3 sets of DVDs cyclically; the other was recorded on November 28th 2011 and the zaSuite installer stored on it is older; if it matters, it has an icon, unlike the 10.1.079 ones). The file was downloaded to my HD on December 28th, installed in my OS's, and recorded to DVDs on the said dates. I scanned the January 1st copy and it turned out clean, so I decided to delete the quarantined copy and redownload the file.

    The redownloaded file has the same virus! There's also a file size discrepancy between the copies on my DVDs (both have 351,298,472 bytes) and the redownloaded one (351,305,440 bytes, 6968 bytes more). Unfortunately I didn't make a note of the exact size of the first quarantined and deleted copy.

    Just in case it matters, yesterday an infected shortcut (with Exploit.Win32.CVE-2010-2568.gen) was detected on my desktop (and quarantined) while booting up Windows XP (likely by the on-access scanning, although the shortcut isn't supposed to run), and today I've deleted it. Also, Windows Vista has been unable to do automatic updates since February 15th because it detects an 8024402f error, which I have tried to fix in several ways without success yet (it could be malware, but I haven't detected any infection under Vista yet).

    Concrete questions:

    - Does the currently downloadable zaSuiteSetup_101_079_000.exe have exactly 351,305,440 bytes like my "infected" copy (possibly false positive), 351,298,472 bytes like my "good" one, or none of them?

    - Can files of the same product (ZA Security Suite) same version (10.1.079.000) be different at different dates (Dec 28th and Feb 22nd)?

    - Could I be infected by malware that appends the additional 6968 bytes?

    - Could it have caused the other XP infection and/or the Vista Automatic Updates malfunction too?

    -----------------------------------------------------------
    ZoneAlarm Security Suite version: 10.1.079.000
    vsmon version: 10.1.079.000
    Driver version: 10.1.079.000
    Anti-virus engine version: 8.1.8.79
    Anti-virus signature DAT file version: 1079380640
    AntiSpam version: 6.3.1.4971
    ZoneAlarm Browser Security: 1.5.350.0
    ZoneAlarm ForceField Spyware Scanner: 1.5.53.235
    ZoneAlarm ForceField Anti-Phishing Database: 1.2.104.0
    ZoneAlarm ForceField Spyware Sites Database: 04.155

    Windows XP SP3
    Windows Vista SP2
    (multiboot in separate partitions, any is C: when booted, any is visible as D: by the other OS)
    Last edited by factor; February 21st, 2012 at 05:29 PM. Reason: specs added
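
A check for the size discrepancy described in the post, as an added example that is not part of the original thread: it compares an archived copy with a re-downloaded one and reports whether the larger file is the smaller one plus appended bytes or differs inside the shared length. The file names and the small sample files in `demo()` are constructed for illustration.

```python
import hashlib, os, tempfile
CHUNK = 1 << 20  # 1 MiB reads, so a 350 MB installer is never held in memory

def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()

def compare_copies(old_path, new_path):
    """Report how new_path differs from old_path (sizes, first differing offset, hashes)."""
    old_size, new_size = os.path.getsize(old_path), os.path.getsize(new_path)
    common, offset, first_diff = min(old_size, new_size), 0, None
    with open(old_path, "rb") as old, open(new_path, "rb") as new:
        while offset < common and first_diff is None:
            n = min(CHUNK, common - offset)
            a, b = old.read(n), new.read(n)
            if a != b:
                first_diff = offset + next(i for i in range(n) if a[i] != b[i])
            offset += n
    # "appended": the shorter copy is an exact prefix of the longer one
    verdict = ("changed-inside" if first_diff is not None
               else "identical" if old_size == new_size else "appended")
    return {"size_delta": new_size - old_size, "first_diff": first_diff,
            "verdict": verdict, "sha256": (sha256_of(old_path), sha256_of(new_path))}

def demo():
    """Run the comparison on small constructed files (not real installers)."""
    base = bytes(range(256)) * 64          # constructed 16 KiB "archived" copy
    tail = b"\x00" * 6968                  # constructed tail, same size delta as in the post
    samples = {"same": base, "appended": base + tail,
               "changed": base[:100] + b"X" + base[101:] + tail}
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        old_path = os.path.join(tmp, "archived.bin")
        with open(old_path, "wb") as f:
            f.write(base)
        for name, data in samples.items():
            new_path = os.path.join(tmp, name + ".bin")
            with open(new_path, "wb") as f:
                f.write(data)
            results[name] = compare_copies(old_path, new_path)
    return results

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result["verdict"], result["size_delta"], result["first_diff"])
```

The verdict only locates the difference between the two copies; it does not say whether either copy is malicious.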
