can anyone help with these ZA alerts?
From: bob stains (bob@stains.com)
Date: 02/27/03
- Next message: Sam Simpson: "Re: PGP Secure? Nope!"
- Previous message: Robert Tinsley: "Re: Port Scans and Prelude"
- Next in thread: phoenix: "Re: can anyone help with these ZA alerts?"
- Reply:(deleted message) phoenix: "Re: can anyone help with these ZA alerts?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: bob stains <bob@stains.com> Date: 27 Feb 2003 16:33:13 -0600
look at this, Ive been getting pop ups from zone alarm for 1-2 months
like this and i have no idea what it is - every time the number
changes randomly, and there is no info about what prog is doing it.
A quck screenshot: http://www.zarron.com/za.jpg
Is it a trojan?
it always asks for an internet connection and when i deny it, it then
asks for server rights!!!! also to note is that if i right click on
the prog in zone alarm and select "properties" i get a pop-up error
saying " Object: 8000d0de The parameter is incorrect"
its trying to send or recieve info on port 7526 i have re-installed my
OS three times since it started happening (from a ghost image - so yes
i guess its installed in that somewhere)
I was going to re-install tonight but I'm too curious about it, i want
to know what the bloody thing is!!!!
Information i get from ZA page is below:
First Alert::
"New Program - wants access to the internet"
Program name: Object: 8000cf17
A program running on your computer, which either attempted to send an
IP packet over the Internet or is waiting for an incoming packet.
Filename: Object: 8000cf17
The filename of the program that ZoneAlarm Pro found on your computer.
Program size: 0
The size of the program executable file in bytes.
Program MD5: 00000000000000000000000000000000
The MD5 hash, or number, that uniquely identifies the executable.
Date modified Nov-30-1979 12:00:00 AM
The date when Object: 8000cf17 was most recently modified.
Connect type: Access
This value can be either Access, which is an Internet connection
attempt by Object: 8000cf17 or Listening (server activity) which
indicates that Object: 8000cf17 is waiting for connections coming in
from the Internet.
Remote Port: 1900
The port Object: 8000cf17 is using on the remote computer.
Remote IP Address: xx.xxx.xxx.xxx (i removed that)
The IP address of the remote computer that caused the alert.
Alert date Feb-25-2003 01:24:40 AM GMT The time when ZoneAlarm Pro
detected the alert on your computer.
----------------------------------------------
Second alert::
"Server Program - wants to act as a server"
Program name: Object: 8000cf17
A program running on your computer, which either attempted to send an
IP packet over the Internet or is waiting for an incoming packet.
Filename: Object: 8000cf17
The filename of the program that ZoneAlarm Pro found on your computer.
Program size: 0
The size of the program executable file in bytes.
Program MD5: 00000000000000000000000000000000
The MD5 hash, or number, that uniquely identifies the executable.
Date modified: Nov-30-1979 12:00:00 AM
The date when Object: 8000cf17 was most recently modified.
Connect type: Server
This value can be either Access, which is an Internet connection
attempt by Object: 8000cf17 or Listening (server activity) which
indicates that Object: 8000cf17 is waiting for connections coming in
from the Internet.
Remote IP Address 192.168.0.1
The IP address of the remote computer that caused the alert.
Alert date Feb-25-2003 01:28:24 AM GMT The time when ZoneAlarm Pro
detected the alert on your computer.
- Next message: Sam Simpson: "Re: PGP Secure? Nope!"
- Previous message: Robert Tinsley: "Re: Port Scans and Prelude"
- Next in thread: phoenix: "Re: can anyone help with these ZA alerts?"
- Reply:(deleted message) phoenix: "Re: can anyone help with these ZA alerts?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
