Re: scanregw.exe showing up in Zonealarm?

From: Matobinder (matobinder@nospam.hotmail.com)
Date: 02/16/02


From: Matobinder <matobinder@nospam.hotmail.com>
Date: Sat, 16 Feb 2002 10:25:38 GMT


 
>>On Sun, 10 Feb 2002 00:45:23 GMT, Matobinder
>><matobinder@nospam.hotmail.com> wrote:
>>
>>>
>>>Odd thing happened this morning.
>>>
>>>Booted my computer up, and first thing that happened after zonealarm
>>>started was it barked about scanregw.exe trying to act as a server. I
>>>just said no, and was going to investigate.
>>>
>>
>>I had a slightly similar event, Zonealarm reported that scanregw.exe
>>was trying to reach an ip address. I have inoculate av updated
>>daily. I did full virus scans, verified scanregw.exe against the
>>version installed by windows, and found absolutely nothing. This
>>only happened once. With google I found a few others who had
>>experienced the same thing, but were never able to pin down a problem.
>>
>>I've been told I have a trojan, but I have not been able to detect any
>>of the telltale signs. Your situation sounds a bit more serious.
>>Have you restored the original scanregw.exe and compared to the
>>current one?
>>
>>Ian
>>
>>--
>>ian.toUNSPAM@sympatico.ca
>>
>>remove unspam to reply
>

I sent a mail to ZoneLabs to see if they had any clue. They mentioned it
may be a problem with the TrueVector service, and its log and db files
getting corrupted. Here is the reply they sent me with instructions on how
to clear out the files. I did it, and haven't seen the problem again, but
then I only saw it once in the first place.

---below is a help message from ZoneLabs---
There may be a problem with your TrueVector service. ZoneAlarm is
dependent on its TrueVector service to function properly. You may need to
refresh the files associated with this service, especially after a
networking change, OS change, or ZoneAlarm update.

If the Configure panel is displaying TrueVector driver as loaded and
ZoneAlarm is still not functioning properly, it is possible that some
files have become corrupt. To repair this problem, please follow these
steps. Please note that this will remove your program permissions and
Local Zone settings (so you may want to make note of them), but
re-establishing them is a simple process; you will be prompted again for
program access for all the applications that you use to access the local
network or Internet.

If any of the steps below does not apply to you, or you are unable to
perform the function listed, please continue to the next step.

1. Open the ZoneAlarm program, go to Configure panel, and make sure the
Load At Startup box is UNchecked.

2. Right-click on your taskbar, select Toolbars, and make sure that the
ZoneAlarm deskband is UNchecked as well (if it is checked, click on it to
uncheck it).

If you cannot highlight the Desk Band by right-clicking on the toolbar,
then highlighting Toolbars, try this: Click on the Configure button from
the ZoneAlarm/ZoneAlarm Pro panel, then look for the "Show Shell Toolbar"
checkbox -- make sure that this box is UNchecked.

3. Reboot. You should now have no ZoneAlarm processes running on your
system.

4. Open the Internet Logs directory (in 95/98/ME this will be
"c:\windows\internet logs", in NT and 2000 it will be c:\winnt\internet
logs, in Windows XP it could be either of these folders), where you will
find a file called "iamdb.rdb" and a file named after your computer with
the ".ldb" extension. Delete both of these files.

5. Reboot your system.

6. You will need to start ZoneAlarm manually. (Click Start, Programs, Zone
Labs, ZoneAlarm).
ZoneAlarm will start up again with a fresh database. Each program should
ask for access again if the files were properly deleted.

7. Be sure to REcheck anything you unchecked earlier.

NOTE: If you received an error message upon deleting the files, the
original programs remain in the Programs list, or if the problem persists
after this, removing the files in Safe Mode will allow you to delete the
files properly. If you need further help with this, please reply to this
email keeping all text intact as we do not archive previous emails.

If you need to reply to us, please keep all text intact.

You can download the latest version of ZoneAlarm and ZoneAlarm Pro from
our website:

        http://www.zonelabs.com/zonealarm

Note that the Trial version is the same as the Full version once you enter
your license key. We recommend that you keep a copy of the latest file in
case of problems later.

Best regards,
Zone Labs Support

