Hi guys,

I'm back from being Linux-only and have updated to NOD32 v3. Although I have a solid SPI hardware firewall I decided to add a software firewall to my newly-installed XP Pro box simply because it's easier to control outgoing applications/connections that way.

I downloaded ZoneAlarm personal/free edition and when I launched the .exe noticed it was simply a download app to grab the "real" install file. NOD32 blocked and deleted it. So I temporarily disabled NOD32 and downloaded the file to the desktop, then re-enabled NOD32.

Again NOD32 blocked the install citing ad-ware installer. I allowed it thorugh (declining the offer of an anti-spyware toolbar addon) and re-enabled NOD32 again. After a reboot NOD is still throwing up "deleted" showing that the original install file was found by NOD32 in the recycle bin and eliminated.

Here's the log file:

{QUOTE-> 06/05/08 22:10:13 Real-time file system protection file C:\DOCUME~1\Lee\LOCALS~1\Temp\050608220919\~GLH021b.TMP a variant of Win32/AdInstaller application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\DOCUME~1\Lee\LOCALS~1\Temp\GLB2799.tmp. <-QUOTE}

I've set up NOD32 using Blackspear's XML file if that's any help. Is this a false alarm, or is something up? I have a 'clean' hdd image backed up on a spare partition from yesterday, with all SP2 and my main apps installed/activated etc just in case.

Thanks in advance.

Lee

Without being in the position at this time to download the file and check the latest, all I can offer is that months back Checkpoint\ZoneAlarm offered the Spyblocker and\or Ask Searchbar toolbar as part of the installation. It was this toolbar that AV programs were reporting.

ZoneAlarm toolbar bundle raises a ruckus (http://blogs.zdnet.com/security/?p=759)

Bubba

This also happens with some builds of Nero. The bundled Ask searchbar always raises a big holler from nod32.
Quite rightly so.

Hi There,

I also have this problem with ZoneAlarm free v7.0.473 (after trying to download the file a few times and finally it dawned on me to check the Nod32 logs), although I am using Nod32 v2.7


Just a add some more things that I tried:

I downloaded the full Zonealarm Security Suite trial version and that installed OK - so I guess it doesnt include the Toolbar ?? However, I dont want the Zonealarm Security Suite because it contains a whole lot of other antispyware/antispam crap that I dont want on my system. I am just after the simple, free Zonealarm firewall

I downloaded an older version of Zonealarm Free v.7.0.408 from
http://download.zonelabs.com/bin/free/information/znalm/zaReleaseHistory.html
This installs and works fine - so I guess the Toolbar was added sometime after version 7.0.408 (September 12, 2007)

Based on the ZD blog article from Bubba it seems that versions 7.0.462.000 (December 14, 2007) and onwards are the culprits


Nod32 Threat Log:
"04/05/2008 13:21:15 PM IMON self-extracting archive ht tp://download.zonealarm.com/bin/free/1023_zl/zlsSetup_70_473_000_en.exe a variant of Win32/AdInstaller application Connection terminated"

I realise this is more a Zonealarm problem, but I just though I would add it here in case someone had discovered a workaround in getting it to install successfully without Nod32 deleting it

Thanks for the replies folks :) As I said in my OP, ZA did offer to install a toolbar (anti-spyware) but I declined. I'm guessing the .exe unpacked the toolbar installer as it installed the firewall and NOD picked that up. Good catch anyways :)

Thanks for your time.