Yesterday When i started my computer in the morning my ZoneAlarm firewall didn't load automatically. Instead a screen came up that (I believe) only comes up when you first install ZoneAlarm (can't remember what it says, but you can either choose "yes" or "no, thanks" ) This seemed weird, but I was able to start ZoneAlarm manually, then checked to make sure it was still set to load at startup. The settings looked fine. I did some stuff in the Internet, left my computer for awhile, and when I came back I couldn't access the Internet. Whenever I tried to connect to a site my browser (Firefox 3) would just keep saying "waiting for (name of website)". I thought maybe my ISP was having trouble with their service (which does happen sometimes), so I decided to just wait and try again later. After a couple of hours went by and my Internet still wasn't working I decided to do a Malwarebytes scan. I found three results:
(from the scan log)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Hijack.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Hijack.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Hijack.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
As you see they were all deleted (I usually just quarantine items in case it's a false positive, but these got deleted. I don't know if I unintentionally deleted them or malwarebytes automatically deleted them) Now I'm getting a windows security alert telling me that ZoneAlarm is installed but it's status is "unknown", and that my anti-virus (avast) reports that it is turned off. The ZoneAlarm control center, however, lists "all systems active", and I can start avast with no problem. I still couldn't connect to the Internet, so I scanned with avast, superantispyware, spybot S&D and ad-aware. None of them found anything. By this time it was late and I decided to put it off until today. I'm still getting the windows security alert, but I can access the Internet now. I scanned again with superantispyware and did a boot-time scan with avast, neither found anything. I think there are two possibilities: either I am infected with something that my scanners aren't finding, or the results were false positives and it was just a coincidence that I couldn't access the Internet at the time. (I recently had some false positives with malwarebytes, but in that case I was able to restore the files.) If it was a false positive, what (if anything) can I do to replace the files that were deleted?
Thanks in advance for any responses.
Edited by TreeFitty, 17 March 2009 - 05:58 PM.