Zone Alarm.W32 Sality warning
Per Ardua ad Astraeus
Thread Starter
Join Date: Mar 2000
Location: UK
Posts: 18,579
Likes: 0
Received 0 Likes
on
0 Posts
Zone Alarm.W32 Sality warning
I have a recurring pop-up(lucky me...) this AM claiming to be a ZA warning of an update to prevent Win32 Sality virus reported to be 'spreading rapidly'.
I cannot find anything on the ZA sites and this virus has been around for a few years. Just a bit suspicious!
I cannot find anything on the ZA sites and this virus has been around for a few years. Just a bit suspicious!
Do you have the ZA suite installed, or just the firewall?
I wouldn't have thought that the free version of any firewall, for example, would create such a prompt.
Sality is not one to be trifled with, it's a polymorphic file infector. Hard to remove. Trashes stuff.
If ZA is genuinely prompting for an update, and you're certain it's a kosher source (does ZA have a user forum/could you google the prompt?) it should be good to update it.
I wouldn't have thought that the free version of any firewall, for example, would create such a prompt.
Sality is not one to be trifled with, it's a polymorphic file infector. Hard to remove. Trashes stuff.
If ZA is genuinely prompting for an update, and you're certain it's a kosher source (does ZA have a user forum/could you google the prompt?) it should be good to update it.
Per Ardua ad Astraeus
Thread Starter
Join Date: Mar 2000
Location: UK
Posts: 18,579
Likes: 0
Received 0 Likes
on
0 Posts
Its the 'free' firewall - hence my suspicion. I'm 'familiar' with the perils of Sality!
Nothing found yet on any Google search or ZA forums.
Nothing found yet on any Google search or ZA forums.
I would be extremely suspicious of it. I'd run a scan with MBAM (I think you have this one; update it first).
It sounds like the sort of popup those rogue antivirus apps use.
Check in task manager, if you're reasonably familiar with the process names, to see if there's anything there that shouldn't ought to be.
It sounds like the sort of popup those rogue antivirus apps use.
Check in task manager, if you're reasonably familiar with the process names, to see if there's anything there that shouldn't ought to be.
I had the same "offer" popup this morning. I looked via the task manager and didn't spot anything odd there so I launched MBAM and updated it.
When I started the MBAM scan the MBAM window went to "not responding" for about a minute and then the scan appeared to start in the normal way. Very strange.
It is still running so I don't know if it will find anything, yet.
Rans6...
When I started the MBAM scan the MBAM window went to "not responding" for about a minute and then the scan appeared to start in the normal way. Very strange.
It is still running so I don't know if it will find anything, yet.
Rans6...
Join Date: Jan 2008
Location: Bracknell, Berks, UK
Age: 52
Posts: 1,133
Likes: 0
Received 0 Likes
on
0 Posts
Some malware intercepts MBAM and will stop it from running correctly.
Try changing the executable name of MBAM and re-running it. The "not responding" is quite suspicious.
Try changing the executable name of MBAM and re-running it. The "not responding" is quite suspicious.
Per Ardua ad Astraeus
Thread Starter
Join Date: Mar 2000
Location: UK
Posts: 18,579
Likes: 0
Received 0 Likes
on
0 Posts
I suspect this is all quite innocuous - an outbreak of paranoia on my part, although others seem 'bothered' by it too elsewhere. I have now gone straight to ZA downloads and indeed there is a new version (9.2) which I now have.
If only they had put up the 'standard' ZA 'update available box' I think none of this would have happened.
If only they had put up the 'standard' ZA 'update available box' I think none of this would have happened.
since my recent post in this thread it has occurred to me that I should have mentioned that I was suspicious of the machine before today. For about a week or ten days it has been telling me, whenever Firefox launches, that FF is not my default browser, to which I always respond with "make it" and "check every time" which it clearly does not take on board. I am then blessed with the "FF has installed new helpers/addons/toolbars" and Zone Alarm behaving like I have a new version of FF. I always reject all of these things (I hate all of the extra guff that steals space in the browser by adding yahoo search tools etc) and stick with the dictionary option only.
Maybe I need to remove and re-install FF as it seams to have got its undies in a bunch.
Rans6....
Maybe I need to remove and re-install FF as it seams to have got its undies in a bunch.
Rans6....
Join Date: Aug 2008
Location: Nottingham, U.K.
Posts: 53
Likes: 0
Received 0 Likes
on
0 Posts
I had the same pop-up; it seems that it is legit:
zonealarm virus warning: fake or not? -> NOT - ZoneAlarm User Community
zonealarm virus warning: fake or not? -> NOT - ZoneAlarm User Community