BOAC

I have a recurring pop-up(lucky me...) this AM claiming to be a ZA warning of an update to prevent Win32 Sality virus reported to be 'spreading rapidly'.

I cannot find anything on the ZA sites and this virus has been around for a few years. Just a bit suspicious!

Tarq57

Do you have the ZA suite installed, or just the firewall?
I wouldn't have thought that the free version of any firewall, for example, would create such a prompt.

Sality is not one to be trifled with, it's a polymorphic file infector. Hard to remove. Trashes stuff.

If ZA is genuinely prompting for an update, and you're certain it's a kosher source (does ZA have a user forum/could you google the prompt?) it should be good to update it.

BOAC

Its the 'free' firewall - hence my suspicion. I'm 'familiar' with the perils of Sality!

Nothing found yet on any Google search or ZA forums.

Tarq57

I would be extremely suspicious of it. I'd run a scan with MBAM (I think you have this one; update it first).
It sounds like the sort of popup those rogue antivirus apps use.
Check in task manager, if you're reasonably familiar with the process names, to see if there's anything there that shouldn't ought to be.

BOAC

Yup - all the above will be done of course. I 'delayed' the kind offer of the update earlier.

rans6andrew

I had the same "offer" popup this morning. I looked via the task manager and didn't spot anything odd there so I launched MBAM and updated it.

When I started the MBAM scan the MBAM window went to "not responding" for about a minute and then the scan appeared to start in the normal way. Very strange.

It is still running so I don't know if it will find anything, yet.

Rans6...

rans6andrew

it ran for nearly and hour and found NOTHING!

Mike-Bracknell

Some malware intercepts MBAM and will stop it from running correctly.

Try changing the executable name of MBAM and re-running it. The "not responding" is quite suspicious.

BOAC

I suspect this is all quite innocuous - an outbreak of paranoia on my part, although others seem 'bothered' by it too elsewhere. I have now gone straight to ZA downloads and indeed there is a new version (9.2) which I now have.

If only they had put up the 'standard' ZA 'update available box' I think none of this would have happened.

rans6andrew

since my recent post in this thread it has occurred to me that I should have mentioned that I was suspicious of the machine before today. For about a week or ten days it has been telling me, whenever Firefox launches, that FF is not my default browser, to which I always respond with "make it" and "check every time" which it clearly does not take on board. I am then blessed with the "FF has installed new helpers/addons/toolbars" and Zone Alarm behaving like I have a new version of FF. I always reject all of these things (I hate all of the extra guff that steals space in the browser by adding yahoo search tools etc) and stick with the dictionary option only.

Maybe I need to remove and re-install FF as it seams to have got its undies in a bunch.

Rans6....

BOAC

Since installing 9.2, no more 'pop-up' boxes.

critter592

I had the same pop-up; it seems that it is legit:

zonealarm virus warning: fake or not? -> NOT - ZoneAlarm User Community