Tech Support Guy

Discussion Starter · #1 · Registered · 6 Posts
I am the only user on this computer. It is my home computer, running Windows XP SP3.

I used to run ZoneAlarm on my computer, but it was loaded on an external hard drive. When that external drive crashed, ZoneAlarm stopped working, but another component of it called TrueVector had installed itself on my internal c: drive. TrueVector was running silently as a firewall and stopping me from making changes to my system (upgrading Internet Explorer or downloading Firefox). I tried to delete the files but got the message that "Access is denied" and that I should make sure the file is not being used. I tried everything: making sure I was logged in as the Administrator, tried to take ownership of the files, tried to change permissions, but most of the option buttons are grayed out. I booted into Safe Mode and tried to delete the files that way, but to no avail.

I ran Malwarebytes and came up with zero infected files. Then I tried Malwarebytes' FileAssassin, with semi-successful results:

The files for TrueVector are in c:\windows\system32\ZoneLabs. FileAssassin managed to delete every file within the ZoneLabs folder, but it left behind these 3 empty folders/directories:

c:\windows\system32\ZoneLabs\lib\pyd
c:\windows\system32\ZoneLabs\streamapi
c:\windows\system32\ZoneLabs\Updates

Also, there are additional files pertaining to TrueVector in the system32 folder:
- vsconfig.xml
- vsxml.dll
- vsregexp.dll
- vsdata.dll
- vsdata95.vxd
- vsdatant.sys
- vsmonapi.dll
- vspubapi.dll
- vsinit.dll
- vsutil.dll
- vswmi.dll
- zlcommdb.dll
- zlcomm.dll

Using FileAssassin I was able to delete all of them EXCEPT: vsconfig.xml and vsdatant.sys

I am also unable to delete the vestiges of TrueVector from the registry:
HKEY_LOCAL_MACHINE\Software\Zone Labs
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vsmon
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vsdatant

I tried deleting them in Safe Mode and at the DOS command prompt. I typed:

C:\Windows\system32>rd /s ZoneLabs
ZoneLabs, Are you Sure (Y/N)? Y

Alas, it promptly returned "Access is denied" for all the folders:
ZoneLabs\lib\pyd - Access is denied.
ZoneLabs\lib - Access is denied.
ZoneLabs\streamapi - Access is denied.
ZoneLab\Updates - Access is denied.

I would really appreciate your thoughts on how to delete these files and remove them from the registry once and for all.

Kind regards, cheers,
Cat
 

Registered · 3,775 Posts
ZoneAlarm uses some hidden files which makes the folder appear to be empty. Some of the files are also write protected. Since they are hidden from Windows, you are unable to right-click and select Properties and uncheck the write-protected attribute.

You can try Safe mode and command prompt and type

attrib -h -r C:\Windows\System32\Zonelabs\*.*

and if you don't get an error, run the rd command on the folder.
 

Discussion Starter · #3 · Registered · 6 Posts

Yes, I had previously tried to remove the attributes via DOS, but I always got Access denied.

No worries though. I read on another forum that I should boot from my Windows XP installation disk and delete the file from that C:\ prompt and IT WORKED. Hurrah! I was making myself absolutely mental and it was that simple.

Thanks for your reply though!

Cheers,
Cat
 