Verified that each executable was an original and legitimate process and had not been infected with malware using Kaspersky Online File Scanner; these are the results:
I love Kaspersky, but it isn't perfect. Even Kaspersky can miss an infection, especially a new one. In addition, a virus is only one type of infection; there are many other types.
I have installed 2 different AV software, AVG and Norton Antivirus.
Having more than one AV installed on your computer can cause conflicts. I recommend removing AVG.
I also ran several spyware utilities such as Spycop, Adaware, spywaredetector and my always active Zonelabs one, Results
I can't find any info on Spycop, and I'm not familiar with it. Spywaredetector used to be rogue; it would find false positives. If this is a newer version, then it is okay. See Spyware Warrior's rogue anti-spyware list for more info.
I am pretty sure this problem is a little more complicated than a simple malware infection.
You wanna tell that to the malware experts? I think they'd hardly call malware infections simple. There are some very nasty ones out there, and some very tricky ones too.
Wow?! Really? Which part of the log told you this?
Here is how I came to that determination:
I am currently in training, and I was told one of the tricks of identifying a legitimate entry from an identically named infection was by looking at its location. See where these two are located?:
isafe.exe C:\WINDOWS\system32\ZoneLabs\isafe.exe
vsmon.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Upon seeing these two entries, I immediately thought "infection". And through thorough searching, I found this. A worm which disguises itself as ZoneLabs's executable vsmon.exe. However, because of your last post, I decided to install ZoneAlarm on my own computer to see its characteristics. Apparently vsmon.exe is one of those rare 3rd party programs that are supposed to be in the System32 folder.
But as for isafe.exe, it was NOT installed on my computer when I installed ZoneAlarm. In fact, you said that isafe.exe is part of eTrust Antivirus. And yet it is in a ZoneLabs folder in System32! You did not say that you had eTrust, so I remain suspicious about this file. In fact:
isafe.exe - (Unable to verify)
vsmon.exe - (Verified)
zlclient.exe - (Verified)
All three of those are in that ZoneLabs folder in System32. Why is isafe.exe unable to be verified, but the others are? If you don't have eTrust, where did isafe.exe come from? isafe.exe should be in the C:\Program Files\CA\eTrust Vet Antivirus\ folder, like in this person's HijackThis log. This could be a new infection, or maybe there's a bit of info that I'm missing. Like I said, I'm only in training. But I remain suspicious, unless a malware expert says otherwise, or unless you can verify what isafe.exe really is.
If you are really convinced it is not an infection, I would recommend starting a topic in the Networking Forum and telling them what you told me earlier:
When I disable the network status icon appearing in the system tray all is fine no more buffer overflow issues or memory loss.
The connection is using Netmon Packet Capture driver and I can not disable or uninstall it as it simply freezes and hogs the CPU when I try. Maybe this has something to do with it?
If it isn't an infection, I don't know what to suggest next, other than going to the Network Forum and telling them that.
Edited by computerwiz12890, 14 January 2006 - 03:16 PM.
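The location and verification checks discussed in the post above, combined into one triage pass. This is an added example, not part of the original thread or of any tool named in it. The baseline folders come only from the paths quoted in the post; `EXPECTED_DIRS`, the function names and the sample listing (including the zlclient.exe line, built from the statement that all three files sit in the ZoneLabs folder) are constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Baseline folders taken from the paths quoted in the post (assumption: a real
# baseline would come from a known-clean install of each product).
EXPECTED_DIRS = {
    "vsmon.exe": r"C:\WINDOWS\system32\ZoneLabs",
    "isafe.exe": r"C:\Program Files\CA\eTrust Vet Antivirus",
}

# Constructed sample input, in the two line formats shown in the post.
PROCESS_LINES = r"""isafe.exe C:\WINDOWS\system32\ZoneLabs\isafe.exe
vsmon.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe
zlclient.exe C:\WINDOWS\system32\ZoneLabs\zlclient.exe"""
SIGNATURE_LINES = """isafe.exe - (Unable to verify)
vsmon.exe - (Verified)
zlclient.exe - (Verified)"""

def norm(path):
    # Windows paths are case-insensitive, so compare normalized lower-case forms.
    return ntpath.normcase(ntpath.normpath(path))

def parse_signatures(text):
    """Map image name -> True only when the status is exactly '(Verified)'."""
    pairs = (line.rsplit(" - ", 1) for line in text.splitlines() if " - " in line)
    return {name.strip().lower(): status.strip() == "(Verified)" for name, status in pairs}

def triage(process_text, signature_text):
    """Return {image name: [reasons]} for entries that need a closer look."""
    verified = parse_signatures(signature_text)
    findings = {}
    for line in filter(str.strip, process_text.splitlines()):
        name, path = line.strip().split(None, 1)  # path may contain spaces
        name, folder, reasons = name.lower(), ntpath.dirname(path), []
        expected = EXPECTED_DIRS.get(name)
        if expected is None:
            reasons.append("no baseline folder recorded")
        elif norm(folder) != norm(expected):
            reasons.append("runs from %s, baseline is %s" % (folder, expected))
        if not verified.get(name, False):
            reasons.append("publisher not verified")
        if reasons:
            findings[name] = reasons
    return findings

if __name__ == "__main__":
    for name, reasons in triage(PROCESS_LINES, SIGNATURE_LINES).items():
        print(name, "->", "; ".join(reasons))
```

A clean result here is only a triage signal: as the post notes, a worm can carry the name vsmon.exe, so the file name and folder alone do not prove an entry is legitimate.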