Author Topic: zip_dump trojan virus?  (Read 7801 times)

PetieG

  • Guest
zip_dump trojan virus?
« on: March 21, 2006, 05:18:47 PM »
Recently I have been getting a virus alert from the on-access scans -- it is always in my temp dir and is named zip_dump.exe -- or some combination of that filename (3936_zip_dump.dl_, 3936_zip_dump.cab, etc.). I bet it's Google Desktop Search using some util to index .zip files -- 'cause I'm getting this several times a day (and I've just started indexing yesterday). It comes and goes from the temp dir. Can anyone confirm this? Avast Home safely deletes the file np -- did a full scan and nothing comes up. Please let me know. thx!!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89033
  • No support PMs thanks
Re: zip_dump trojan virus?
« Reply #1 on: March 21, 2006, 05:34:41 PM »
Well nothing comes up on a google search (strange if it is a google tool) for 3936_zip_dump.cab or 3936_zip_dump.dl_ or zip_dump.exe, which under normal circumstances I would say is suspicious.

What is the trojan name given by avast ?
What is the full path to the file/s ?

Some trojans deposit their contents in the temp folder/s so it may not be google's desktop search (I don't use it so I can't say for certain). However, if it were to do with the Google Desktop Search, other avast users would also be experiencing this and this is the first I've seen on the forums.

Download the program appropriate for your OS (?) and run it: Ewido Security Suite if using WinXP, or a-Squared Free if using Win98/ME, preferably from Windows safe mode.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

PetieG

  • Guest
Re: zip_dump trojan virus?
« Reply #2 on: March 22, 2006, 04:04:34 AM »
Name: Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\DOCUME~1\peter\LOCALS~1\Temp\3936_zip_dump.dll" file. 

Will run spyware app (will use Windows Defender). Will post if something comes up. TIA!!!

CharleyO

  • Guest
Re: zip_dump trojan virus?
« Reply #3 on: March 22, 2006, 06:06:54 PM »
***

Welcome to the forums, PetieG.    :)

I doubt that Windows Defender will be enough ... or maybe not good enough. Apparently, you have XP as the OS though you still have not directly said.

Take David's advice and use the free Ewido which works with both W2000 & XP.    :)


***

PetieG

  • Guest
Re: zip_dump trojan virus?
« Reply #4 on: March 22, 2006, 11:06:44 PM »
OK, sorry.. I have WinXP Pro SP2 with current patches -- ran said spyware app Ewido -- didn't find anything besides tracker cookies and instances of VNC I have lying around in a software directory. Other than that I'm stumped -- this thing is popping up a few times a day... I still think GDS is unzipping some files to scan in them... but I may be wrong. I will disable GDS for a few days and report back.

Offline DavidR

Re: zip_dump trojan virus?
« Reply #5 on: March 22, 2006, 11:17:29 PM »
Also useful as a diagnostic tool for what is running on your system - Download HiJackThis.zip - HJT Information HiJackThis Tutorial 1 or HiJackThis Tutorial 2
For an on-line analysis - HiJackThis Log file - On-line Analysis OR HiJackThis Log file - On-line Analysis 2
Ignore any 023 reference to avast processes, this is a hiccup in the HJT 1.99.1 (especially missing file entry for avast), if you need any help with any of the analysis let us know.
OR - Post your hijackthis-Log here for a diagnosis: tomcoyote.org/hjt

PetieG

  • Guest
Re: zip_dump trojan virus?
« Reply #6 on: March 22, 2006, 11:40:39 PM »
Everything seems OK -- got a bunch of question marks -- but all seem to be for MacDrive (I have a dual-boot ThinkPad w/ XP and OSX 10.4.5!! -- sweet!). Everything else checks out OK... will update in a few days to see if it comes back. Thx everyone!!!

PetieG

  • Guest
Re: zip_dump trojan virus?
« Reply #7 on: March 30, 2006, 06:21:19 PM »
Well, several days w/ no GDS and no warnings... turn GDS on and this pops up again... I'm going to chalk this one up as GDS doing something... I could be wrong though.

Spiritsongs

  • Guest
Google Desktop Search
« Reply #8 on: March 30, 2006, 06:31:31 PM »
:) Hi PetieG:

I assume you mean you have the Google Desktop Search toolbar on your machine!? If yes, I would NOT have this popular, but to me "suspect" toolbar on my machine. Have been seeing "reports" of possible "problems" with it; when I want to do a Google search, I go to their website and put in my "search term" & go from there. Much safer.

Wraith Daquell

  • Guest
Re: zip_dump trojan virus?
« Reply #9 on: May 11, 2006, 06:44:37 PM »
The zip_dump is related to Google's GDS... not the sidebar but the actual engine. I'm contacting Google on it; will post back in a few days.

PetieG

  • Guest
Re: zip_dump trojan virus?
« Reply #10 on: May 11, 2006, 07:11:31 PM »
Yes, well, it's not specifically the GDS toolbar, but the entire GDS product (sure beats Outlook's searching capabilities). They just came out w/ a new version which I have not tested -- but maybe it is fixed... !!>??

Anyway, I'm on a Mac now so I'm not overly concerned w/ this problem anymore. Thx!!

Wraith Daquell

  • Guest
Re: zip_dump trojan virus?
« Reply #11 on: May 11, 2006, 07:54:39 PM »
The problem still persists in the new version. But hurrah that it's not bugging you anymore.  ;)

hypotaxis

  • Guest
Re: zip_dump trojan virus?
« Reply #12 on: August 10, 2006, 01:07:12 PM »
I had the same problem with zip_dump.exe. It turned out that it was an infected file but that it was in the attachment folder of my mail client but as a hidden file.

As GDS was indexing, it kept hitting the file and avast! was triggered. By running avast! with a "thorough" search and making sure the option to search archived files was checked, the file was found and deleted.

No more problems!