I was doing a scan at zonelabs and they detected the adware weatherbug. I did a search of my computer for the AWS folder and I don't have it. I did a weather.exe search and nothing. Not detected by Adaware, S/D, NAV 2005. So how come it's coming up at zonelabs?

some security apps don't alert on weatherbug anymore. so it could be on your comp somewhere with another app such as netscape browser, and there are more programs that bundle weather bug also. ZA6 could just be alerting to WB trying to call home to update it's weather info. You might check anything you have downloaded lately to see if WB might be bundled with it.

-{ Quote: "I was doing a scan at zonelabs " }-Are you speaking of ZoneAlarm Online Spyware Scanner (http://www.zonelabs.com/store/content/promotions/spywarescanner/index.jsp) ?

If so....does it not present the results like the pic below. If you click on the plus sign....where in the registry did it think it found Weatherbug ?

For me on this workstation....it found what it thought was Weatherbug....but in actuallity it was Internet Explorer Address bar and IE's Links Bar :o

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
01E04581-4EEE-11D0-BFE9-00AA005B4383
0E5CBF21-D15F-11D0-8301-00AA005B4383

Hey Bubba, that's the scan I used and that's exactly what it showed me except for the last 2 entries. Just the weatherbug one. Does that mean ZA scanner mistook it for the weatherbug entry? I went to regedit and I did saw those values. Not only in the webbrowser folder but the shellbrowser folder also. Should I disregard the flag by ZA?

Also I looked up weatherbug at norton and tried to find the reg keys/folders/files/values that accdg. to symantec the weatherbug creates but I couldn't find any.



I am planning to finally install sp2 that's why I'm trying to clean my unit. Thanks for the replies.

-{ Quote: "Hey Bubba, that's the scan I used and that's exactly what it showed me except for the last 2 entries." }-Yeah....that was a workstation that I hopped on yesterday....and those "last 2 entries" can be overlooked.-{ Quote: "Does that mean ZA scanner mistook it for the weatherbug entry? I went to regedit and I did saw those values. Not only in the webbrowser folder but the shellbrowser folder also. Should I disregard the flag by ZA?" }-Yes....those were False positives by that ZoneAlarms scanner....and as you saw....they were IE's webbrowser\shellbrowser reg entries related to the info I gave in my first post. Simply disregard those entries....ever thing is fine.

Don't hesitate to post back if some other scan shows items you are not sure of.

Thanks Bubba. I read in a ZA forum that some purchased the full versions of the ZA product afer they were flagged with that weather bug. But when they used it it couldn't detect the bug. It was just a marketing gimmick plain and simple. I have disregarded it and just got the basic firewall . :)

pardon my ignorance but the button that made the firewall text move is neat.

People still using weatherbug?