Author Topic: Trojan? or False Positive?  (Read 11922 times)

Logan

  • Guest
Trojan? or False Positive?
« on: September 27, 2006, 11:27:20 PM »
Hey all. Well, I did a virus scan with avast: nothing, as usual ^_^ Then I did a CounterSpy scan, same thing. Adaware had only two little cookies there, then ZoneAlarm did an automatic scan and it found two Trojans... Yeah.. anyway, I downloaded Spybot Search and Destroy and did a scan; nothing came up, just two little cookies. Here are the names of the "Trojans". I did a Google search on both of them by their name and nothing came up.

Win32.ProcessKill File: C:\System Volume Information\_restore{8CF4D3C9-A44D-4F6E-8C86-DBA5BFC36BC5}\RP23\A0000965.dll
File: C:\Documents and Settings\Logan\Local Settings\Temp\nseE.tmp
Directory: C:\Documents and Settings\Logan\Local Settings\Temp\nseE.tmp


and Win32.Dialer.Fotosex (This was interesting seeing how I don't look up porn or anything like that)
RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CONNECT

Is this a Trojan? Or is it just Zone Alarm acting weird? Also, I heard that Trojans gather info and are kind of in a grayish area between virus and spyware. Should I go through the hassle of reconfiguring my computer if I do find a Trojan? Or is that just being paranoid? Thanks in advance.

P.S. I posted here as well as the Zone Alarm forums, but it seems people here know a little more about worms and such.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89104
  • No support PMs thanks
Re: Trojan? or False Positive?
« Reply #1 on: September 27, 2006, 11:54:29 PM »
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner
Or Jotti - Multi engine on-line virus scanner. If any other scanners here detect them, it is less likely to be a false positive. You can't do this with the file in the chest; you will need to move it out.

You can't do much about the one in C:\System Volume Information\_restore as this is Windows protected storage, a part of System Restore. The only way to clean infected _restore points is to disable System Restore and reboot. This will clear ALL _restore points. Once you have disabled System Restore, reboot, scan your PC again and, if clear, enable System Restore.

Win XP-ME - How to disable System Restore
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Logan

  • Guest
Re: Trojan? or False Positive?
« Reply #2 on: September 27, 2006, 11:58:19 PM »
I did remove the files and it did not re-detect them.  But is my computer now screwed?  Will I need to Reconfig?

Spiritsongs

  • Guest
Re: Trojan? or False Positive?
« Reply #3 on: September 28, 2006, 01:19:23 AM »
 :)  Hi Logan :

      SPECIFICALLY, what Zone Alarm product was used ?
      AND was it an online scan ?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89104
  • No support PMs thanks
Re: Trojan? or False Positive?
« Reply #4 on: September 28, 2006, 01:22:46 AM »
There is no way to tell if you have got rid of them; deletion is never a good first option.

However, since the majority were to be found in the Temp folders I would think not, you can do a google search for nseE.tmp and see if it brings up anything. There is only one hit that mentions Patchmaker.

Having two resident anti-virus scanners and I'm assuming that the ZA anti-virus is resident (active) ?

Logan

  • Guest
Re: Trojan? or False Positive?
« Reply #5 on: September 28, 2006, 01:34:28 AM »
No, I did not use an online scanner, I used Avast  :)  Also, I'm using Zone Alarm Pro.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Trojan? or False Positive?
« Reply #6 on: September 28, 2006, 03:34:55 AM »
Win XP-ME - How to disable System Restore
Follow David's advice.
Do a boot time scanning with avast (or a thorough scanning).
Enable System Restore only after that  ;)

Oh, using ewido and/or a-squared scanning is a good thing too  ;)
The best things in life are free.

Logan

  • Guest
Re: Trojan? or False Positive?
« Reply #7 on: September 28, 2006, 05:41:59 AM »
Well, I reconfigured my computer, downloaded all my security software and updated it.  Then I installed my drivers. I then scanned with Zone Alarm and the same two "Trojans" came up. This leads me to the belief that this is a False Positive. Does this sound correct?

Logan

  • Guest
Re: Trojan? or False Positive?
« Reply #8 on: September 28, 2006, 06:49:56 AM »
Well, I did a scan with Ewido and no "Trojan" came up, just a few little cookies.  So is this a False Positive? And if so, how do I go about reporting it? Thanks for all your help, guys.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89104
  • No support PMs thanks
Re: Trojan? or False Positive?
« Reply #9 on: September 28, 2006, 03:01:03 PM »
As I said:
Quote from: DavidR
Having two resident anti-virus scanners and I'm assuming that the ZA anti-virus is resident (active) ?

Perhaps it is decision time as to which resident AV you have installed. Ewido and a-squared can be run as on-demand (non resident scanners and they aren't AVs).

Logan

  • Guest
Re: Trojan? or False Positive?
« Reply #10 on: September 28, 2006, 07:24:59 PM »
I use Avast Anti-Virus; this is the only Anti-Virus I use. It's Home Edition, by the way.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89104
  • No support PMs thanks
Re: Trojan? or False Positive?
« Reply #11 on: September 28, 2006, 08:38:43 PM »
So where did this come from then ?
Quote from: Logan
then ZoneAlarm did an Automatic scan and it found two Trojans...

And this
Quote from: Logan
Well, I reconfigured my computer, downloaded all my security software and updated it.  Then I installed my drivers. I then scanned with Zone Alarm and the same two "Trojans" came up. This leads me to the belief that this is a False Positive. Does this sound correct?

Logan

  • Guest
Re: Trojan? or False Positive?
« Reply #12 on: September 28, 2006, 08:45:53 PM »
Quote from: DavidR
So where did this come from then ?
Quote from: Logan
then ZoneAlarm did an Automatic scan and it found two Trojans...

And this
Quote from: Logan
Well, I reconfigured my computer, downloaded all my security software and updated it.  Then I installed my drivers. I then scanned with Zone Alarm and the same two "Trojans" came up. This leads me to the belief that this is a False Positive. Does this sound correct?

Because Zone Alarm Pro uses an Anti-Spyware scan. Trojans are recognized by both Virus and Spyware scans on average. Avast is a Virus scanner; Zone Alarm is a Spyware scanner.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89104
  • No support PMs thanks
Re: Trojan? or False Positive?
« Reply #13 on: September 28, 2006, 09:00:30 PM »
I was concerned that it might have been the ZA security Suite which includes anti-virus.

My firewall Outpost Pro also has a resident anti-spyware plugin, but I disabled it as I have other on-demand anti-spyware (AdAware, Spybot, SpywareBlaster and Ewido) and I can run those if I feel I need a second opinion rather than have a resident anti-spyware running. This could slow boot as it will have an interaction with avast, as for each file that ZA wants to scan avast will also scan; this duplication slowed my boot considerably.

Logan

  • Guest
Re: Trojan? or False Positive?
« Reply #14 on: September 28, 2006, 09:13:44 PM »
That's interesting... I have noticed that my boot time is slow and viewing webpages.... Could Avast and Zone Alarm Pro working together slow down webviewing as well?
Quote from: DavidR
I was concerned that it might have been the ZA security Suite which includes anti-virus.



I am not sure what you mean here.  I am not too familiar with all the aspects of ZA