Hi, I was looking through my LOG, & from nearly 2 months ago I found these!
Infection detected: c:\windows2\system32\svchost.exe [MD5: 8F078AE4ED187AAABC0A305146DE6716] [17/40100040] [(null)]
Infection detected: c:\program files\zone labs\zonealarm\zlclient.exe [MD5: 05BD6FE6F859912F4167B60485D7F55F] [17/40101040] [(null)]
I can't remember if I was testing some App or Malware @ the time. I doubt if I was testing Malware etc though, as I would have gone into Shadow Defender mode, & therefore the WSA Log would not have been saved after rebooting. Anyway, I don't recall Ever seeing ANY alert from WSA that either of these two items had been infected?
1 - Could these be FP's?
2 - What does (null) mean?
TIA
That sounds like it was a false positive that the backend caught as it was responding, so it didn't include a malware group name.
Those 2 .EXE's are amongst several I have set to BLOCK in Active Connections. So I'm wondering if that has Anything to do with it?
It shouldn't be related to active connections but would show when blocked from the active processes list.
Hi, on further inspection of the LOG file, I see other Apps that are also set to BLOCK in Active Connections, that show the same thing. So I have a feeling it is "somehow" related? The Infected (null) listings only show up on those Apps that are set to BLOCK. They are also Blocked in my ZA FW.
This line's MD5 shows on this report at ThreatExpert:
http://www.threatexpert.com/report.aspx?md5=86fee6e90b14b01a9fc25452cf27f224
Spynet server
Just FYI...
@ dbrisendine Well, thanks for checking.
@ PrevxHelp Using FileAlyzer - svchost.exe md5 = 8F078AE4ED187AAABC0A305146DE6716 which agrees with your figure. I also get this ?
Anyway, I feel there is some ? interaction between WSA & ZA, regarding those (nulls)
I think it is probably just the local blocking you've put in place - it wouldn't have a malware group name if determined locally so it wouldn't show one.