Am I Infected by Adobe Flash update?

[oldnews]

I too have this malware. I believe it came through a recent Adobe Flash update. ZA called it "Medium" threat, but instructions say all the scary stuff about how it can take over your computer, etc., etc. So far I have experienced no slow down or unresponsive programs. It just keeps turning up in my quarantine, I keep deleting, etc. and the next day it reappears.

I recently tried deleting, then scanning with Malwarebytes, then manually turning off system restore, rebooting, and turning it back on again. But the next day there it was again. I am wondering if the instruction to reboot your computer or the software will not install (after the ZoneAlarm scan) is new and perhaps a part of the virus syndrome. I don't remember being instructed to reboot after previous scans. It certainly does behave like a reinfection.

Like previous writer, I also am unable to update my version of ZASS from 7 to 9 (ZA says because I missed a version when I was not using this computer, it's first necessary to uninstall 7, save settings, reinstall, apply settings, etc., etc - way beyond me - and my tech is not calling me back so may be out of town.

Wondering if I should try working through one of the other download suggestions myself...and how much danger I'm in just waiting a day or two. Also whether it matters if computer is on or off or what I do with it while waiting for his return. And whether I should change my Adobe program controls. I am not sufficiently skilled to remove parts of these - nor would I know which ones are essential to the working of the software.

Thanks...

For the record I have a Dell laptop,running XP, use IE, and as noted above, have all kinds of Adobe programs on my computer. I believe though it was a FLASH update I clicked on and this is what I am seeing elsewhere on the WWW when I research this particular virus.

[naivemelody]

oldnews, it is always adivisable to explain the specific/ details of any particular issue. Your using old 7.0 ZA Suite which has both av and anti-spy:
- which exact vesrion of 7.0xxx?
- which detection the anti-virus or anti-spy?
- always list the name of the detection/ suspected malware and the file path it was found in - then check ZA Form to find if others have had it - sometimes they are false positives ( I've seen false positives on other Adobe updates before in this forum) [as soon as first detection - always write down 'all' info provided.]
- XP SP2 or XP SP3? better to have SP3
- IE 7 or 8? better to upgrade to IE8

> Adobe Flash Player 10.45.2 - click here > http://forums.zonelabs.com/showthread.php?t=73124

> New Security Update Bulletin for Adobe Reader/ Flash > http://www.adobe.com/support/securit...apsb10-08.html

> if you believe you are really infected - click here > http://forums.zonelabs.com/showthread.php?t=70448

(my guess is you have a false positive; but we'll have to wait to you post back with more details)
__________________________________________________ _____
NaiveMelody NYC - 3-3-10 - Ain't Nothing Like The Real Thing - Marvin Gaye & Tammi Terrell

[oldnews]

Thanks very much...

Here is my version of ZASS:
ZoneAlarm Security Suite version:7.0.483.000
TrueVector version:7.0.483.000
Driver version:7.0.483.000
Anti-virus engine version:3
Anti-virus SDK version:5.0.1.85
Anti-virus signature DAT file version:1013153301
Anti-spyware engine version:5.0.189.0
Anti-spyware signature DAT file version:01.201002.7175
AntiSpam version:5.0.6.8903

Here is location:
c:\windows\system32\macromed\Flash\FlashUtil10d.ex e

I did absentmindedly click on the Adobe Flash updater recently. But it looked legitimate. I stopped the download because I hadn't meant to do it then.

Name of is Win32.KSTP. It shows up as "infection" medium severity, turns up in spyware quarantine, I believe, though unfortunately, I just deleted it so can't doublecheck.

I have found another thread on this forum for KSTP also associated with Flash and involving someone running an older version of ZA. Also one reference by someone in France, also Adobe related, appears on WWW. No Trojans of this name appear on any official lists I could find.

Now that a guru has said it isn't necessary to save my settings, I guess I feel more confident about uninstalling version 7 and installing version 9. Assume this can be done just by going through the usual program controls from START menu? And nothing further needs to be done to my Adobe files?

One more clarification: I did scan the whole C drive with Malware bytes and no infection showed up.

Thanks again for your help.

[naivemelody]

No, you can't just use the 'add/ remove' method, please see/ click here:

> http://forums.zonelabs.com/showpost....59&postcount=6

...Before you Uninstall your current ZA, UNcheck "Load ZA... at startup" (under Overview - Preferences tab)

3. Reboot/ restart the Computer. So that vsmon.exe/TrueVector will be removed from Memory

4.) Now use the new ZoneAlarm Removal Tool: Click here > http://download.zonealarm.com/bin/fr...cpes_clean.exe
...continues...


To download latest version ZA Suite 9.1.008 > http://download.zonealarm.com/bin/fr...seHistory.html

The new version will be different to your old version; 'you can find info' on all changes thru out this forum and elsewhere- do not be alarmed .
__________________________________________________ ______
NaiveMelody NYC 3-3-10 - We Can Work It Out - The Beatles

[fax]

Quote:

Originally Posted by oldnews

Name of is Win32.KSTP. It shows up as "infection" medium severity, turns up in spyware quarantine, I believe, though unfortunately, I just deleted it so can't doublecheck.

It is a false positive, i.e. wrong detection of a harmless file. This is because the standalone antispyware engine in ZA 7 has been phased out and does not get anymore updates.

New ZA 9 has a unified antivirus/antispyware engine, lighter and faster
Try to keep your ZA always update and active. Also remove any other security tool installed before proceeding with the upgrade.

Cheers,
Fax

[oldnews]

Thank you both. Will do as instructed.

[oldnews]

Thanks again to all for your advice. I have updated and scanned and ZA found one virus...but a real one this time. The ersatz bug did not show up.