Re: Win32.Trojan.Spy.Agent.kb detected by ZoneAlarm Internet Security



From: "Densha188" <Densha188@xxxxxxxxxxxxxxxxxxxxxxxxx>

| On one of my computers running WinXP Sp2 with Zone Alarm Internet Security
| Suite Ver. 7.0.470.000 and ver. 7.0.473.000
| Anti-virus engine version 3, DAT file version 9551551049
| Anti-spyware engine version 5.0.189.0, DAT file version 01.200805.3945
| AntiSpam version 5.0.6.8903
|
| After doing a scan with ZA Anti-spyware, it detected
| Win32.Trojan.Spy.Agent.kb as a medium level threat trojan. It detected it in the
| Windows Registry file.
|
| RegistryKey:
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0005
|
| After Quarantine and deleting it and doing another scan just to make sure,
| ZA reports no more trojan. But when I shut down the computer, turned off the
| power supply for a few minutes, turned it back on, rebooted the
| computer and logged in, I did another anti-spyware scan and it found that
| trojan again in the registry. It seems to come back when it detects an
| internet connection, since I'm on a LAN and it's always connected to the net
| via router.
|
| So how do I fully get rid of that trojan? I already tried an older backup
| image of WinXP I had made back in Dec. 2007, but that didn't help. The only
| other way I can think of is to re-format the entire computer.
|
| Also, do you guys think that my other files on the other drives may be infected?

The below is incomplete..

HKLM\SYSTEM\ControlSet001\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0005

There must be MORE to the malware infection. Either this is a False Positive or the ZA
anti-malware utility is failing to detect the rest of this Trojan, Win32.Trojan.Spy.Agent.kb.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

