
Zone Alarm

Discussion in 'All Other Software' started by davidgraham16, Jan 27, 2002.

Thread Status:
Not open for further replies.
  1. davidgraham16

    davidgraham16 Thread Starter

    Joined:
    Dec 31, 2001
    Messages:
    25
    I have just installed Zone Alarm and I haven't a clue as to what it is doing. If anyone is familiar with this prog., could you please tell me what the following is all about?
    When I click on Go!Zilla a box pops up with the following message
    "New Program"
    Zone alert program alert
    Do you want to allow IPC Server to access the internet?
    Technical Information
    Destination IP:194.168.4.100:DNS
    Filename MSIPCSV.EXE
    Version 1.1.02
    More Information Available

    When I click on the "More info" button Zone Alarm crashed.
    After a reboot I traced out my previous steps but did not press the "more info" button. Instead I answered "Yes" and a message popped up informing me that Go!Zilla is capturing the download. FileName MSIPCSV.EXE
    connecting to pralerts.zonelabs.com
    Then another box similar to the first pops up stating
    "Do you want to allow Go!Zilla to access the internet?
    Technical Information
    Destination IP:194.168.4.100:DNS
    Filename GOZILLA.EXE
    Version 4,1,0,37
    More Information etc.......
    I answered "Yes" and decided to right click on the downloaded file in Gozilla (pralertresult) and choose "more info"; this brought up a web page with the following message:
    File size 601.38KB (it is recorded as 22.3KB in Gozilla!)
    Downloads:1
    Last Accessed:
    Download Links:
    http%3A%2F%2Fwww.tweaknow.com%2FRamidl%2Framidl9x.zip
    Last Updated:
    Homepage:
    Similar Files:
    There is a logo on the page which pops up a little yellow box saying "This site is tracked by WebTrendsLive" when you hover your mouse over it.
    I installed Zone Alarm to be more in control of my computer but I feel less in control now. Could a more experienced computer user make sense of all this please?
    Sys spec. Win 98(First Edition) 13GB HD 128MB RAM Pentium2 400MHz
    (sorry about the length of this post)
     
  2. davidgraham16

    davidgraham16 Thread Starter

    Joined:
    Dec 31, 2001
    Messages:
    25
    I didn't put that little yellow smilie that shows its teeth on my post! - I copied this post from the post I put on the pcplus forum. I don't know how it got there - really getting paranoid now! Could I have a virus? NAV does not detect anything.
     
  3. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    36,002
    Hiya

    The reason why you got smilies is that it probably says : D but without the spacing.

    So, you posted this on PCPLUS, did you? Didn't see it yet, I'll have a look later. Member there also. Same name.

    Okay, you said Gozilla. Now, this is spyware. Not a good thing to have on your PC, can cause no end of problems.

    Go here and download Ad-Aware: www.lavasoftusa.com
    Install and run, ensuring that Deep Registry Scan is enabled. Remove all except for any references to Web3000 or new.net. If you're unsure, copy/paste the list here.

    Whilst you're there, download and install RefUpdate to get the latest updates.

    As soon as we've cleaned out the spyware, I'm hoping that we will be okay.

    Regards

    eddie
     
  4. davidgraham16

    davidgraham16 Thread Starter

    Joined:
    Dec 31, 2001
    Messages:
    25
    Hi eddie
    Thanks for helping me. I have copied/pasted the report below. I would like to know what to do next.
    Scan initialized on 27/01/02 22:53:24.
    (AAW release 5.62, referencefile 087-22.09.2001)
    =================================================


    Started memory scan
    ====================
    Running processes:

    #:1 Name: C:\WINDOWS\SYSTEM\KERNEL32.DLL
    ----------------------------
    Threads:4
    ProcID:4279175923
    ParentProcID:2123315451
    BasePriority:High

    #:2 Name: C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    ----------------------------
    Threads:1
    ProcID:4294925711
    ParentProcID:4279175923
    BasePriority:Normal

    #:3 Name: C:\WINDOWS\SYSTEM\MPREXE.EXE
    ----------------------------
    Threads:1
    ProcID:4294920735
    ParentProcID:4294925711
    BasePriority:Normal

    #:4 Name: C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    ----------------------------
    Threads:1
    ProcID:4294961903
    ParentProcID:4294925711
    BasePriority:Normal

    #:5 Name: C:\WINDOWS\SYSTEM\mmtask.tsk
    ----------------------------
    Threads:1
    ProcID:4294878663
    ParentProcID:4294925711
    BasePriority:Normal

    #:6 Name: C:\WINDOWS\EXPLORER.EXE
    ----------------------------
    Threads:11
    ProcID:4294873539
    ParentProcID:4294925711
    BasePriority:Normal

    #:7 Name: C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    ----------------------------
    Threads:1
    ProcID:4294883035
    ParentProcID:4294873539
    BasePriority:Normal

    #:8 Name: C:\PROGRAM FILES\LAVASOFT AD-AWARE\AD-AWARE.EXE
    ----------------------------
    Threads:1
    ProcID:4294819679
    ParentProcID:4294873539
    BasePriority:Normal

    Memory scan result:
    Total modules found:8
    Suspicious modules found:0


    Started registry scan
    ======================
    Aureate key:HKEY_USERS\.default\software\aureate\
    Aureate key:HKEY_CURRENT_USER\software\aureate\
    Aureate key:HKEY_LOCAL_MACHINE\software\aureate\
    Aureate key:HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\radiate advertising\
    Aureate key:HKEY_LOCAL_MACHINE\software\radiate\
    Aureate key:HKEY_USERS\.default\software\netscape\netscape navigator\automation shutdown\stub.netscapestop.1
    Aureate key:HKEY_USERS\.default\software\netscape\netscape navigator\automation startup\netscape starting


    Started extended registry scan
    ===============================


    Registry scan result:
    Suspicious keys found :7


    Started folder scan
    ====================
    Now processing drive (C), 0 remaining.
    Aureate folder:C:\WINDOWS\Application Data\Software\Radiate
    Aureate folder:C:\WINDOWS\Start Menu\Programs\Radiate
    Aureate folder:C:\WINDOWS\amcdl\adcache
    Aureate folder:C:\WINDOWS\amcdl
    Finished processing Drive(C), 1462 folders total.

    Folder scan result:
    Folders processed:1462
    Suspicious folders found:4


    Started file scan
    ==================
    Aureate file:C:\WINDOWS\SYSTEM\htmdeng.exe
    Aureate file:C:\WINDOWS\SYSTEM\ipcclient.dll
    Aureate file:C:\WINDOWS\SYSTEM\msipcsv.exe
    Aureate file:C:\WINDOWS\SYSTEM\tfde.dll
    Aureate file:C:\WINDOWS\Start Menu\Programs\Radiate\Radiate Web Site.url
    Doubleclick file:C:\WINDOWS\Cookies\david [email protected][2].txt

    File scan result:
    Suspicious files found:6



    Scanning finished
    ==================
    Suspicious modules found:0
    Suspicious keys found :7
    Suspicious folders found:4
    Suspicious files found:6
    =========================
    Spyware components ignored:0
    Total spyware components found:17
     
  5. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    36,002
    Okay, they're just Aureate files. You can remove them. Just click in each box and click Next. It will ask if you want to delete them, say yes. Restart after and run again, just to be safe.

    Also, before you do all that, can I take a look at your startup programs?
    Go to Run and type MSINFO32
    On the left choose Software Environment, then Startup Programs. Copy/paste the list here.
    There may be something on startup to uncheck first.

    Regards

    eddie
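
A triage sketch for the report discussed in the two posts above, added here as an example and not part of the original thread: it parses Ad-Aware-style finding lines, checks them against the report's own summary counts, and looks up which detection family covers the file named in a firewall prompt (here `MSIPCSV.EXE`, the file from the ZoneAlarm alert in the first post). The function names and the embedded sample are assumptions; the sample is constructed from a few lines of the posted log, with counts adjusted and a placeholder cookie file name.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the format of the posted report (trimmed; placeholder cookie name).
REPORT = r"""
Started registry scan
Aureate key:HKEY_CURRENT_USER\software\aureate\
Aureate key:HKEY_LOCAL_MACHINE\software\radiate\
Started folder scan
Aureate folder:C:\WINDOWS\amcdl
Started file scan
Aureate file:C:\WINDOWS\SYSTEM\ipcclient.dll
Aureate file:C:\WINDOWS\SYSTEM\msipcsv.exe
Doubleclick file:C:\WINDOWS\Cookies\placeholder.txt
Scanning finished
Suspicious keys found :2
Suspicious folders found:1
Suspicious files found:3
"""

# "<family> <kind>:<path>" finding lines; family is a single word in this report.
FINDING = re.compile(r"^\s*(\w+) (key|folder|file):(.+)$")
SUMMARY = re.compile(r"^\s*Suspicious (key|folder|file)s found\s*:(\d+)$")

def parse_report(text):
    """Return ({(family, kind): [paths]}, {kind: count stated by the report})."""
    findings, reported = defaultdict(list), {}
    for line in text.splitlines():
        if m := FINDING.match(line):
            findings[(m.group(1), m.group(2))].append(m.group(3).strip())
        elif m := SUMMARY.match(line):
            reported[m.group(1)] = int(m.group(2))  # later lines overwrite earlier ones
    return findings, reported

def check_totals(findings, reported):
    """Kinds whose listed findings disagree with the summary: {kind: (listed, stated)}."""
    listed = Counter()
    for (_, kind), paths in findings.items():
        listed[kind] += len(paths)
    return {k: (listed[k], n) for k, n in reported.items() if listed[k] != n}

def explain_prompt(findings, prompt_filename):
    """Family that flagged the file named in a firewall prompt, or None."""
    suffix = "\\" + prompt_filename.lower()
    for (family, kind), paths in findings.items():
        if kind == "file" and any(p.lower().endswith(suffix) for p in paths):
            return family
    return None
```

A non-empty result from `check_totals` means the pasted log was truncated or altered in transit, which is worth knowing before anyone advises deleting entries from it.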
     
  6. jbcalg

    jbcalg

    Joined:
    Oct 29, 2001
    Messages:
    2,056
    I'll leave you and eddie to hash out the Ad-Aware stuff
    - it's good software but different than ZA in what it does

    ZA will ask you about any software accessing the internet
    - twice actually, once for the local intranet and once for the internet
    - if you want the software to connect, click yes - or click 'remember this answer' or whatever it says, then click yes
    - you won't see it again the next time that software connects

    if you're not sure - click no and see what happens

    if you open the programs section of ZA, you'll see each program that has permission to access the internet, doesn't have permission, or will ask you for permission each time
     
  7. davidgraham16

    davidgraham16 Thread Starter

    Joined:
    Dec 31, 2001
    Messages:
    25
    Hi Eddie
    Thanks for the help and advice. I have included the startup progs below (it doesn't copy and paste very well - sorry).
    I think I set Ad-Aware to remove adware automatically, as I ran the scan again today to see if it found the same items and at the end of the scan it removed them all. Pity really, as I have not had an opportunity to make use of Ad-Aware's backup facility just in case it deletes something vital. So far there are no ill effects - touch wood.

    Norton Program Scheduler Startup Group "C:\Program Files\Norton AntiVirus\NSCHED32.EXE" /min
    EPSON Status Monitor 3 Environment Check 2 Startup Group C:\WINDOWS\SYSTEM\E_SRCV02.EXE
    Microsoft Office Shortcut Bar Startup Group "C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE"
    Norton System Doctor Startup Group "C:\Program Files\Norton Utilities\SYSDOC32.EXE"
    Office Startup Startup Group "C:\Program Files\Microsoft Office\Office\OSA.EXE"
    WinZip Quick Pick Startup Group "C:\Program Files\WinZip\WZQKPICK.EXE"
    ZoneAlarm Common Startup Group "C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe" -nopopup
    SystemTray Registry (Machine Run) SysTray.Exe
    EnsoniqMixer Registry (Machine Run) starter.exe
     
  8. davidgraham16

    davidgraham16 Thread Starter

    Joined:
    Dec 31, 2001
    Messages:
    25
    BTW - what are Aureate files?
     
  9. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
  10. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    36,002
    Hiya

    Using Ad-Aware is usually 99% safe. Many here use it, including the Moderators, so it must be good :p

    I was gonna say, it's best not to have Ad-Aware remove things automatically. The reason I say that is, if you go to that site that Tony mentioned, there are two nasties, called new.net and Web3000. If you remove the files first without uninstalling the programs, you may have problems dialing up again.

    If everything's working well, and Gozilla is dead now, then go to Tools | Internet Options. Advanced Tab, under Browsing look for Enable Install on Demand. Untick that, apply and ok.

    Regards

    eddie
     
  11. davidgraham16

    davidgraham16 Thread Starter

    Joined:
    Dec 31, 2001
    Messages:
    25
    Hi Eddie
    After uninstalling Go!Zilla, on rebooting a message on the black screen at start up came up saying "non system disc" - I checked there were no floppies left in the A: drive but that wasn't the problem. I couldn't figure out how to get around the problem so I ended up having to format my hard drive and re-install Windows. I am now back to normal but it has been a long process! - I guess uninstalling Go!Zilla must have removed an important system file.
    I have unticked "Enable install on demand" (Internet Explorer) - why do you suggest doing this please? Also do I need to uncheck a similar entry, "Enable install on demand" (Other)?
    regards
    David
     
  12. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    36,002
  13. rebon

    rebon

    Joined:
    Oct 21, 2001
    Messages:
    1,118
    eddie, he is right there are two options as you advise

    enable install on demand (internet explorer)
    enable install on demand (other)

    what you reckon eddie, shall I uncheck both?

    thx...rob
     
  14. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    36,002
    rebon

    I'm a bit lost. Where are the two entries? I can see Install on Demand under the browsing, but mine doesn't say Internet Explorer. Is yours IE6? Mine's IE5.5.

    If you can tell me where the 'other' is, I'll confirm, but it may be okay to uncheck.

    Regards

    eddie
     
  15. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    It's exclusive to IE 6.0:

    This is what MS says about it :)D):

    In Internet Explorer 6, components that can be installed by Active Setup by using the CIF for Setup instructions are controlled by the Enable Install on Demand (Internet Explorer) setting.

    Components that can be installed by using self-installing program files that are registered with Internet Explorer 6 are controlled by the Enable Install on Demand (Other) setting.

    Greetz,
     
Short URL to this thread: https://techguy.org/66649