JayC
Veteran Member
I am also currently using the latest version of Zone Alarm. I have been using Zone Alarm for a very long time now. Not once have I ever got anything from Zone Alarm like what you are getting. /forums/images/graemlins/confused.gif
Spyware?
- Thread starter RonL
- Start date
- Views: 2357
PineRidge
Super Member
GatorBoy thanks for the free advice. The last time I did a system scan using Norton my anti-virus notified me of spyware residing on my hard drive but did not deal with eliminating it. Ad-Aware looks like it took care of the problem the first time that I ran it.
OP
RonL
Banned
- Joined
- Dec 22, 2001
- Messages
- 432
- Location
- Worcester, Massachusetts
- Tractor
- Caterpillar 416C IT, Caterpillar D3G, previously owned a Ford 1910
I'm getting these notifications regularly now. This is the incentive I needed to finally low level format the machine and install Linux. I only use this machine to log onto the web. It is one of the last machines that I have that runs Windows.
RonL
RonL
California
Super Star Member
- Joined
- Jan 22, 2004
- Messages
- 14,983
- Location
- An hour north of San Francisco
- Tractor
- Yanmar YM240 Yanmar YM186D
</font><font color="blue" class="small">( I'm getting these notifications regularly now. )</font>
Me too. Hourly, with or without the browser running.
Zone Alarm logs show something is attempting to contact TBN hourly from all different port numbers, range 1500 ~ 4100, 24 hours per day. See the attached log. This started on 7/12/04 with attempts every three minutes. The only other entries in the log (back to 7-6-04) are to the local DNS server.
This is a new (1 month) install of XP, Zone Alarm, Norton Systemworks, and Mozilla which is the only browser I ever use. Mozilla's Link Prefetching is off.
Norton doesn't see anything and I don't recognise any strange processes in Task Manager. Zone Alarm is halting the outbound packets.
I'm linked through a router to DSL.
Any advice? Anyone?
Me too. Hourly, with or without the browser running.
Zone Alarm logs show something is attempting to contact TBN hourly from all different port numbers, range 1500 ~ 4100, 24 hours per day. See the attached log. This started on 7/12/04 with attempts every three minutes. The only other entries in the log (back to 7-6-04) are to the local DNS server.
This is a new (1 month) install of XP, Zone Alarm, Norton Systemworks, and Mozilla which is the only browser I ever use. Mozilla's Link Prefetching is off.
Norton doesn't see anything and I don't recognise any strange processes in Task Manager. Zone Alarm is halting the outbound packets.
I'm linked through a router to DSL.
Any advice? Anyone?
Last edited:
California: Can you unblock it, and give me your external IP?
That way I can check to see what it's hitting on our end of things.
-Ibrahim
That way I can check to see what it's hitting on our end of things.
-Ibrahim
California
Super Star Member
- Joined
- Jan 22, 2004
- Messages
- 14,983
- Location
- An hour north of San Francisco
- Tractor
- Yanmar YM240 Yanmar YM186D
Ibrahim,
Thanks for looking into this.
I'm not sure what to unblock. Attached is the (free) Zone Alarm list of program permissions. I assume I would start by unblocking one of these - but which one?
I just sent you my static IP and home email in a PM.
Thank you for any help you can provide!
'California'
Thanks for looking into this.
I'm not sure what to unblock. Attached is the (free) Zone Alarm list of program permissions. I assume I would start by unblocking one of these - but which one?
I just sent you my static IP and home email in a PM.
Thank you for any help you can provide!
'California'
Last edited:
Hmmm...
If it's something that's blocked (as your last posted log shows) then maybe it's the Spooler SubSystem App.
What that is... I have no idea.
Everything else is checked out ok. But I'd want you to make sure you know what thebat.exe is as well as checking out Symantec NetDetect. NetDetect might just be set up or assuming that it should check TBN?
The real question is "Do you know exactly what each of those programs is?" Because if anything is out of place, then that should be your first suspect.
-Ibrahim
If it's something that's blocked (as your last posted log shows) then maybe it's the Spooler SubSystem App.
What that is... I have no idea.
Everything else is checked out ok. But I'd want you to make sure you know what thebat.exe is as well as checking out Symantec NetDetect. NetDetect might just be set up or assuming that it should check TBN?
The real question is "Do you know exactly what each of those programs is?" Because if anything is out of place, then that should be your first suspect.
-Ibrahim
California
Super Star Member
- Joined
- Jan 22, 2004
- Messages
- 14,983
- Location
- An hour north of San Francisco
- Tractor
- Yanmar YM240 Yanmar YM186D
Ok, I'm going to approach this systematically and one by one toggle ZoneAlarm's control over applications from 'block' to 'ask', to discover which application is trying to contact TBN.
Eventually I should see an Alert popup like what To20Chris posted, asking permission to make contact. Bingo!
I started by setting Spooler SubSystem from 'block' to 'ask'. (I assume this is spoolsv.exe, the print spooler). After three hours it hasn't asked for access, but ZA logs show those connect attempts continued. It looks like Spooler Subsystem isn't the cause.
TheBat is a simple email program that queries multiple email accounts. It won't run fancy html mischief or scripts and I doubt it ever heard of TBN. Zone Alarm already has it set to 'ask' and it's never asked for access.
Symantec NetDetect could be the problem. It's complex and I don't know what all it does.
Windows XP is new to me and I'm surprised to see how many background tasks are running by default. Several of these seem to be for network applications I would never use. I need to research and shut most of them down.
The search continues...
Eventually I should see an Alert popup like what To20Chris posted, asking permission to make contact. Bingo!
I started by setting Spooler SubSystem from 'block' to 'ask'. (I assume this is spoolsv.exe, the print spooler). After three hours it hasn't asked for access, but ZA logs show those connect attempts continued. It looks like Spooler Subsystem isn't the cause.
TheBat is a simple email program that queries multiple email accounts. It won't run fancy html mischief or scripts and I doubt it ever heard of TBN. Zone Alarm already has it set to 'ask' and it's never asked for access.
Symantec NetDetect could be the problem. It's complex and I don't know what all it does.
Windows XP is new to me and I'm surprised to see how many background tasks are running by default. Several of these seem to be for network applications I would never use. I need to research and shut most of them down.
The search continues...
PBMAX
Platinum Member
California, Her are a couple of links on which ones you can turn off at G4TV(techTV).
g4techtv xp tweaks
Black Viper
This is a fellow that does this one proccess at a time and reboots and test the results.
For example using the classic Windows interface uses less ram. XP's fancy interaface uses, I think he said, up to 12meg of ram.
I haven't tried any of these as my old laptop was W2K. My new one is XP pro so I may tinker with some but being a company pc I have to watch it or a may get my self in a fix...
If any of ya'll tinker with this let me know how well what you do works (I nw use a DEll Latitude D600....
Keep in mind each pc vendor already does some custominzing to XP for there systems. So there is no sure fire way to know beside trying a tweak or Letting some one else with a similar system trying it out 1st!!! I suggest you do a system restore poind before you try any.... It doesn't always fix problems but it has helped me 95% off the time.
paul
g4techtv xp tweaks
Black Viper
This is a fellow that does this one proccess at a time and reboots and test the results.
For example using the classic Windows interface uses less ram. XP's fancy interaface uses, I think he said, up to 12meg of ram.
I haven't tried any of these as my old laptop was W2K. My new one is XP pro so I may tinker with some but being a company pc I have to watch it or a may get my self in a fix...
If any of ya'll tinker with this let me know how well what you do works (I nw use a DEll Latitude D600....
Keep in mind each pc vendor already does some custominzing to XP for there systems. So there is no sure fire way to know beside trying a tweak or Letting some one else with a similar system trying it out 1st!!! I suggest you do a system restore poind before you try any.... It doesn't always fix problems but it has helped me 95% off the time.
paul
