Re: can anyone help with these ZA alerts?

From: phoenix (phoenix@fakeaddress.net)
Date: 02/28/03 

From: phoenix <phoenix@fakeaddress.net>
Date: Thu, 27 Feb 2003 23:10:50 GMT

On 27 Feb 2003 16:33:13 -0600, bob stains wrote:

> look at this, Ive been getting pop ups from zone alarm for 1-2 months
> like this and i have no idea what it is - every time the number
> changes randomly, and there is no info about what prog is doing it.
>
> A quck screenshot: http://www.zarron.com/za.jpg
>
> Is it a trojan?
>
> it always asks for an internet connection and when i deny it, it then
> asks for server rights!!!! also to note is that if i right click on
> the prog in zone alarm and select "properties" i get a pop-up error
> saying " Object: 8000d0de The parameter is incorrect"
>
> its trying to send or recieve info on port 7526 i have re-installed my
> OS three times since it started happening (from a ghost image - so yes
> i guess its installed in that somewhere)
>
> I was going to re-install tonight but I'm too curious about it, i want
> to know what the bloody thing is!!!!
>
> Information i get from ZA page is below:
>
> First Alert::
> "New Program - wants access to the internet"
> Program name: Object: 8000cf17
> A program running on your computer, which either attempted to send an
> IP packet over the Internet or is waiting for an incoming packet.
>
> Filename: Object: 8000cf17
> The filename of the program that ZoneAlarm Pro found on your computer.
>
> Program size: 0
> The size of the program executable file in bytes.
>
> Program MD5: 00000000000000000000000000000000
> The MD5 hash, or number, that uniquely identifies the executable.
>
> Date modified Nov-30-1979 12:00:00 AM
> The date when Object: 8000cf17 was most recently modified.
>
> Connect type: Access
> This value can be either Access, which is an Internet connection
> attempt by Object: 8000cf17 or Listening (server activity) which
> indicates that Object: 8000cf17 is waiting for connections coming in
> from the Internet.
>
> Remote Port: 1900
> The port Object: 8000cf17 is using on the remote computer.
>
> Remote IP Address: xx.xxx.xxx.xxx (i removed that)
> The IP address of the remote computer that caused the alert.
> Alert date Feb-25-2003 01:24:40 AM GMT The time when ZoneAlarm Pro
> detected the alert on your computer.
> ----------------------------------------------
>
> Second alert::
> "Server Program - wants to act as a server"
>
> Program name: Object: 8000cf17
> A program running on your computer, which either attempted to send an
> IP packet over the Internet or is waiting for an incoming packet.
>
> Filename: Object: 8000cf17
> The filename of the program that ZoneAlarm Pro found on your computer.
>
> Program size: 0
> The size of the program executable file in bytes.
>
> Program MD5: 00000000000000000000000000000000
> The MD5 hash, or number, that uniquely identifies the executable.
>
> Date modified: Nov-30-1979 12:00:00 AM
> The date when Object: 8000cf17 was most recently modified.
>
> Connect type: Server
> This value can be either Access, which is an Internet connection
> attempt by Object: 8000cf17 or Listening (server activity) which
> indicates that Object: 8000cf17 is waiting for connections coming in
> from the Internet.
>
> Remote IP Address 192.168.0.1
> The IP address of the remote computer that caused the alert.
> Alert date Feb-25-2003 01:28:24 AM GMT The time when ZoneAlarm Pro
> detected the alert on your computer.
>

Hi

No, it's a bug in ZA & ZAP. You need to upgrade to the latest release
3.7.098 - hit the 'check for updates' button. I'd suggest doing a 'new'
install when asked rather than an upgrade, you'll also need to authorise
all your programs again.

Regards

Bill

Relevant Pages

  • can anyone help with these ZA alerts?
    ... asks for server rights!!!! ... "New Program - wants access to the internet" ... The IP address of the remote computer that caused the alert. ...
    (alt.computer.security)
  • Re: HELP Is SYSTEM.EXE spyware or a rogue dial-up ?
    ... > SYSTEM.EXE is trying to connect to the Internet or your local network ... > ZoneAlarm is asking you whether to allow the connection. ... > Alert property Alert property value Technical explanation ... > Remote Port 53 The port SYSTEM.EXE is using on the remote computer. ...
    (microsoft.public.security.virus)
  • HELP Is SYSTEM.EXE spyware or a rogue dial-up ?
    ... Have scanned computer using Norton AV (in safe mode)& run= Spybot - nothing ... SYSTEM.EXE is trying to connect to the Internet or your local network ... Alert property Alert property value Technical explanation ... Remote Port 53 The port SYSTEM.EXE is using on the remote computer. ...
    (microsoft.public.security.virus)
  • Re: Any VMware experts on a Vista site?
    ... I'm glad you got the internet connection sorted, as I said it is simply a case of 'playing around' with the different option to see which one 'finally' works. ... My VM only contains Windows XP and it is only there in case I need to access it for support questions, ... The information in this mail/post is supplied "as is". ...
    (microsoft.public.windows.vista.general)
  • Re: Internet Connection - Validation?
    ... |> microsoft.public.windowsxp.general nass ... First, try to clean up your caches, Internet files and delete cookies ... |I will try to uninstall the weather Bug application and clean up all traces ... "internet connection" problem. ...
    (microsoft.public.windowsxp.general)