Author Topic: Whether "win32:zbot-mkk" it also a false alarm?  (Read 4895 times)

Offline krys76

  • Newbie
  • *
  • Posts: 4
    • Personal Message (Offline)
Whether "win32:zbot-mkk" it also a false alarm?
« on: December 03, 2009, 07:03:47 AM »
Whether "win32:zbot-mkk" it also a false alarm?

Offline cromag

  • Jr. Member
  • **
  • Posts: 50
    • Personal Message (Offline)
Re: Whether "win32:zbot-mkk" it also a false alarm?
« Reply #1 on: December 03, 2009, 07:07:47 AM »
I hope so.  I had "zbot-mkk" report on my computer in addition to the "delf-mzg."  I've updated to the new virus database, but I have not yet completed a full scan.

Offline SafeSurf

  • avast! Evangelist
  • Ultra Poster
  • ***
  • Posts: 4926
    • Personal Message (Offline)
Re: Whether "win32:zbot-mkk" it also a false alarm?
« Reply #2 on: December 03, 2009, 07:09:54 AM »
Do you have the updated VPS - 091203-1 downloaded from Avast on your machine yet before doing your scan?
iMac (Mavericks)/Safari and Firefox (NoScript/AdBlockPlus/BetterPrivacy/Ghostey)/
Vista Home Prem (same add-on's)/Avast Free/Online Armor Premium Firewall/MBAM Prem)/ Avast Mobile Security with MBAM Pro/ iPad 4th gen.

Offline cromag

  • Jr. Member
  • **
  • Posts: 50
    • Personal Message (Offline)
Re: Whether "win32:zbot-mkk" it also a false alarm?
« Reply #3 on: December 03, 2009, 07:12:29 AM »
If you're asking me, yes.

After updating the virus database I rescanned the "delf-mzg" file that I quarantined.  It came up as "no virus" so I restored it.  By the time I encountered the "zbot-mkk" report I suspected a false positive problem and I was telling Avast! to take no action, so it's still on the computer.

Offline SafeSurf

  • avast! Evangelist
  • Ultra Poster
  • ***
  • Posts: 4926
    • Personal Message (Offline)
Re: Whether "win32:zbot-mkk" it also a false alarm?
« Reply #4 on: December 03, 2009, 07:27:03 AM »
I just alerted the mods. about this.   
iMac (Mavericks)/Safari and Firefox (NoScript/AdBlockPlus/BetterPrivacy/Ghostey)/
Vista Home Prem (same add-on's)/Avast Free/Online Armor Premium Firewall/MBAM Prem)/ Avast Mobile Security with MBAM Pro/ iPad 4th gen.

Offline Vlk

  • Global Moderator
  • Serious Graphoman
  • **
  • Posts: 11566
  • Gender: Male
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
    • Personal Message (Offline)
Re: Whether "win32:zbot-mkk" it also a false alarm?
« Reply #5 on: December 03, 2009, 07:48:35 AM »
Yes, it's the same story.
I've updated the statement thread accordingly: http://forum.avast.com/index.php?topic=51647

Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline deathracer

  • Newbie
  • *
  • Posts: 1
    • Personal Message (Offline)
Re: Whether "win32:zbot-mkk" it also a false alarm?
« Reply #6 on: December 03, 2009, 11:40:38 AM »
I seriously thought my computer was infected last night with DELF-MZG adn Zbot-MKK and allowed Avast to delete the reported infected executables.  (Adbobe, Nero, and many more of my programs) When it got to some infections in my Win32 folder, I was expecting post boot problems and sure enough, my computer will not get past the BIOS post now.
I'll be trying a Windows repair install today and if successful a re-install of the now damaged programs.

I'm only posting this as FYI as to the possible impact of this problem on other users.
 

Offline Vlk

  • Global Moderator
  • Serious Graphoman
  • **
  • Posts: 11566
  • Gender: Male
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
    • Personal Message (Offline)
Re: Whether "win32:zbot-mkk" it also a false alarm?
« Reply #7 on: December 03, 2009, 11:48:40 AM »
Even a boot into Safe Mode isn't possible?

We haven't had any reports on Microsoft (operating system) files being affected by the issue, so the system should hopefully boot.


Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline americanwageslave

  • Newbie
  • *
  • Posts: 2
    • Personal Message (Offline)
Re: Whether "win32:zbot-mkk" it also a false alarm?
« Reply #8 on: December 03, 2009, 01:08:41 PM »
I also did a full scan and deleted all files. Before I did the scan I was unable to run multiple programs such as media monkey and peer guardian do to the "virus." After the scan completed it did start Windows successfully. However I am scared to reboot. There were some files that were detected in both windows temporary folder and windows system folder. Perhaps I can post the log later.

Offline Vlk

  • Global Moderator
  • Serious Graphoman
  • **
  • Posts: 11566
  • Gender: Male
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
    • Personal Message (Offline)
Re: Whether "win32:zbot-mkk" it also a false alarm?
« Reply #9 on: December 03, 2009, 01:32:11 PM »
So you were deleting the files (as opposed to moving them to the Virus Chest)?
If at first you don't succeed, then skydiving's not for you.

Offline woogiez

  • Newbie
  • *
  • Posts: 1
    • Personal Message (Offline)
Re: Whether "win32:zbot-mkk" it also a false alarm?
« Reply #10 on: December 03, 2009, 01:44:22 PM »
Just as a heads up, I tried putting my DLL's in the chest when the trojan false positive showed up, but I kept getting access denied and delete was the only thing that worked.

Offline americanwageslave

  • Newbie
  • *
  • Posts: 2
    • Personal Message (Offline)
Re: Whether "win32:zbot-mkk" it also a false alarm?
« Reply #11 on: December 03, 2009, 05:57:57 PM »
I deleted as well for the same reason. Repair and move to chest did not work. I can post the log when I get home.

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now