ZONE ALARM PRO deep scan

Discussion in 'other security issues & news' started by guitarelf, Dec 7, 2005.

Thread Status:
Not open for further replies.
  1. guitarelf

    guitarelf Registered Member

    Joined:
    Jul 12, 2005
    Posts:
    90
    Location:
    East London, UK.
    About once a month, I run the Deep Scan (the one that takes at least two hours) in the spyware section of ZAPro. Until now, it's never found anything. Last night it found "U-Scan", identified as a high-level threat, stand-alone adware program. Also yesterday, I received a dubious-looking email that claimed to be from the Broadband Team at AOL, asking me to click on some lilac-coloured squares, because "I won't believe my eyes..." I DO believe my common sense & deleted the email (genuine or not!!)
    Could there be a connection between "U-Scan" & this suspicious email?
    Any thoughts anyone?
    Guitarelf. :doubt: :)
    I just made it from "infrequent" to "regular" poster....well done me!!
     
  2. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    I've never had the patience to do a deep scan with ZAP - I prefer the quick scan which only takes 30 secs on my machine!

    I don't know much about UScan, except that it is a mail bomber:-

    http://www3.ca.com/securityadvisor/pest/pest.aspx?id=6466

    Presumably it would have sent you rather more than one dubious email if it got installed and had the chance.

    What did ZAP find - was it an .exe file (such as !4557.exe), or was it just a Registry 'trace'? Was it installed or was it just lying about in an archive? Because it apparently required a 'deep' scan to unearth it, this latter possibility seems likely, in which case it would not have harmed you (or sent you a bogus AOL email).
     
  3. guitarelf

    I set up the deep scan just before going to bed & then leave it to run! I'm a light sleeper so I invariably wake up a couple of hours later & log off!! I don't have the tech savvy to give you a proper answer to your subsequent question. ZAPro quarantined the offending nasty, I then decided that removal was the appropriate course of action, which, having just read your link about the "mail bomber", would seem to have been the right thing to do!
    Very grateful for your time & expertise,
    Guitarelf. :)
     
  4. TopperID

    It doesn't sound as though it has done you any harm, but you do have to consider the possibility of a false positive. If you look in ZAP's Alerts & Logs/Log Viewer section and select 'Anti-Spyware' in the 'Alert Type' drop down box, you should be able to see entry details that give the full file path of whatever was removed and quarantined.

    By knowing the file and file path, or Registry entries as appropriate, you can get a better idea of whether to delete something or not.

    Of course, while the file is kept in Quarantine you can always reinstate it later. But if it really was the UScan Trojan then deletion was the sensible thing to do.
     
  5. guitarelf

    Very helpful, t.v.m.
    GElf. :)
     