I have this and other installers, documents and stuff in a partition of my HD set aside for that. I also record the contents of this partition to rewritable DVDs from time to time. All of this for backup purposes.
A manual scan performed some hours ago detected Trojan-Downloader.Win32.Banload.btbm in the HD copy of this file. The file was quarantined automaticly and I suspected it could be a false positive, so I waited.
A while ago I thought that I could scan a copy burnt to RW-DVD. I have two of them, recorded on January 1st and January 18th this year (I use 3 sets of DVDs cyclically, the other was recorded in November 28th 2011 and the zaSuite installer stored in them is older; if it matters it has icon unlike the 10.1.079 ones). The file was downloaded to my HD in December 28th, installed in my OS's, and recorded to DVDs in the said dates. I scanned the January 1st copy and turned out clean, so I decided to delete the quarantined copy and redownload the file.
The redownloaded file has the same virus! There's also a file size discrepancy between the copies in my DVDs (both have 351,298,472 bytes) and the redownloaded one (351,305,440 bytes, 6968 bytes more). Unfortunately I didn't make a note of the exact size of the firstly quarantined and deleted copy.
Just in case it matters, yesterday an infected shortcut (with Exploit.Win32.CVE-2010-2568.gen) was detected in my desktop (and quarantined) while booting up Windows XP (likely by the on-access scanning, although the shortcut isn't supposed to run) and today I've deleted it, and Windows Vista is unable to do automatic updates since February 15th because it detects an 8024402f error, what I have tried to fix several ways w/o success yet (it could be malware, but I haven't detected any infection under Vista yet).
- Does the currently downloadable zaSuiteSetup_101_079_000.exe have exactly 351,305,440 bytes like my "infected" copy (possibly false positive), 351,298,472 bytes like my "good" one, or none of them?
- Can files of the same product (ZA Security Suite) same version (10.1.079.000) be different at different dates (Dec 28th and Feb 22nd)?
- Could I be infected by malware that appends the additional 6968 bytes?
- Could it have caused the other XP infection and/or the Vista Automatic Updates malfunction too?
ZoneAlarm Security Suite version: 10.1.079.000
vsmon version: 10.1.079.000
Driver version: 10.1.079.000
Anti-virus engine version: 22.214.171.124
Anti-virus signature DAT file version: 1079380640
AntiSpam version: 126.96.36.19971
ZoneAlarm Browser Security: 1.5.350.0
ZoneAlarm ForceField Spyware Scanner: 188.8.131.52
ZoneAlarm ForceField Anti-Phishing Database: 184.108.40.206
ZoneAlarm ForceField Spyware Sites Database: 04.155
Windows XP SP3
Windows Vista SP2
(multiboot in separate partitions, any is C: when booted, any is visible as D: by the other OS)