ZoneAlarm Free and the ZeuS.Zbot.aoaq

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by randommayham, Sep 27, 2010.

  1. randommayham

    randommayham Private E-2

    I have been using ZoneAlarm for some time now, and it has been a good free software firewall. I have not had any issues related to it; it is free, easy to use and effective as far as I can tell.

    I got an email from them referring to their blog entry, ZoneAlarm Popup Message Explained:

    http://blog.zonealarm.com/blog/2010/09/the-popup-message-in-zonealarm-free-firewall-was-intended-as-an-alert-to-a-virus-our-technology-discovered-we-wanted-to-proa.html

    From what I can tell, ZoneAlarm Free had a virus warning message pop-up, informing them that this version of ZoneAlarm Free did not protect them from a recent virus called ZeuS.Zbot.aoaq.

    People thought this was an ad to scare them into buying something, I guess because it looked like some fake warning.

    Looks like as soon as ZoneAlarm discovered this issue, they made this post and informed everyone of the issue.

    I appreciate that they went to this effort, and updated the latest version of ZoneAlarm Free to not have this issue. It shows that they really do care about their product, unlike some companies who would ignore it.

    At least I know there is a new virus floating around the internet.

    What kind of virus is this?

    Can ZoneAlarm now block this virus?
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This is not a new infection nor is it something that we have seen ZoneAlarm block nor have they removed it. Neither has any other tool completely. Typically it has required manual intervention. A couple of the common files seen were any of oembios.exe; ntos.exe; sdra64.exe; twex.exe; twext.exe being run on top of userinit.exe on boot up. You can search on ntos.exe and see that it has been around for quite a while (at least since 2007).

    However Kaspersky did later create a program named ZbotKiller in an attempt to remove this. You can see info on it here:

    http://support.kaspersky.com/faq/?qid=208280039

    Not sure of how effective it was/is.

    Oh and by the way, just to show that ZoneAlarm did not fix this malware, their own website even posted the info to use Kaspersky's ZbotKiller: http://www.zonealarm.com/security/en-us/av-resources/zbotkiller.htm

    And in fact Kaspersky is the actual engine that ZoneAlarm uses in their program.

    Yes this was quite a bad idea on their part and they tried to cover it up later with some hand waving, but this only served to hurt their reputation significantly since they were behaving like a rogue tool and trying to trick you into buying their software.
     
    Last edited: Oct 4, 2010
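
Added example, not part of the thread or of any tool named in it: a defender-side check for the persistence described in the post above, where extra executables run alongside userinit.exe at boot. It assumes the post refers to the Winlogon `Userinit` registry value (a comma-separated list of programs run at logon); the function name, the default system directory and the sample strings are constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS for offline triage

# File names listed in the post above.
POST_FILENAMES = {"oembios.exe", "ntos.exe", "sdra64.exe", "twex.exe", "twext.exe"}
EXPECTED = "userinit.exe"


def audit_userinit(value, system_dir=r"C:\Windows\system32"):
    """Return (kind, entry) findings for a Userinit string (assumed format:
    comma-separated executable paths, usually with a trailing comma)."""
    want_dir = ntpath.normcase(ntpath.normpath(system_dir))
    entries = [e.strip().strip('"') for e in value.split(",") if e.strip()]
    findings, seen_expected = [], False
    for entry in entries:
        norm = ntpath.normcase(ntpath.normpath(entry))
        name, folder = ntpath.basename(norm), ntpath.dirname(norm)
        if name in POST_FILENAMES:
            findings.append(("listed-name", entry))    # name from the post
        elif name != EXPECTED:
            findings.append(("extra-entry", entry))    # anything else chained on
        else:
            seen_expected = True
            if folder and folder != want_dir:
                findings.append(("wrong-path", entry))  # userinit.exe elsewhere
    if not seen_expected:
        findings.append(("missing-userinit", value))    # legitimate entry replaced
    return findings


# Constructed sample values, not taken from a real machine.
SAMPLES = {
    "clean": r"C:\Windows\system32\userinit.exe,",
    "chained": r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,",
    "relocated": r"C:\Users\Public\userinit.exe,",
    "replaced": r"C:\WINDOWS\system32\ntos.exe,",
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        print(label, audit_userinit(value) or "ok")
```

An empty result means the value contains only userinit.exe in the expected directory; any finding is a prompt for manual review of that entry, not a verdict.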
  3. randommayham

    randommayham Private E-2

    Thanx for your info on this.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
