Thread: ZaPro 6.1.744.001: vsmon.exe strange access to IP 81.246.38.117

  1. #1
    andrew_be Guest

    Hi,

    Does someone have a clue about this strange behavior from vsmon.exe, which (in my case, country: Belgium) connects to IP 81.246.38.117?
    Below are the contents of the packets sent and the identity returned by SmartWhois.
    I really don't understand this connection; my ISP is unable to give any explanation.

    Thanks for any clue!
    Andrew

    PACKETS SENT/RECEIVE:
    Packet #1
    0x0000 47 45 54 20 2F 31 2F 3F-41 77 71 53 56 78 48 79 GET /1/?AwqSVxHy
    0x0010 54 46 53 38 37 53 58 6F-6C 25 32 42 48 44 46 4C TFS87SXol%2BHDFL
    0x0020 39 63 49 35 69 63 57 6B-4B 4B 72 7A 52 6C 68 45 9cI5icWkKKrzRlhE
    0x0030 49 76 6A 62 58 4C 55 32-31 68 63 6E 52 58 61 47 IvjbXLU21hcnRXaG
    0x0040 39 70 63 79 42 4A 62 6E-52 6C 63 6D 35 68 62 43 9pcyBJbnRlcm5hbC
    0x0050 42 54 5A 58 52 31 63 41-41 30 4C 6A 45 41 56 47 BTZXR1cAA0LjEAVG
    0x0060 46 74 62 31 4E 76 5A 6E-51 41 52 57 35 6E 62 47 Ftb1NvZnQARW5nbG
    0x0070 6C 7A 61 43 41 6F 56 57-35 70 64 47 56 6B 49 46 lzaCAoVW5pdGVkIF
    0x0080 4E 30 59 58 52 6C 63 79-6B 41 51 7A 70 63 55 48 N0YXRlcykAQzpcUH
    0x0090 4A 76 5A 33 4A 68 62 53-42 47 61 57 78 6C 63 31 JvZ3JhbSBGaWxlc1
    0x00A0 78 54 62 57 46 79 64 46-64 6F 62 32 6C 7A 58 48 xTbWFydFdob2lzXH
    0x00B0 4E 33 63 32 56 30 64 58-41 75 5A 58 68 6C 41 44 N3c2V0dXAuZXhlAD
    0x00C0 4D 76 4D 53 38 79 4D 44-41 32 49 44 45 35 4F 6A MvMS8yMDA2IDE5Oj
    0x00D0 51 32 4F 6A 41 77 20 48-54 54 50 2F 31 2E 31 0D Q2OjAw HTTP/1.1.
    0x00E0 0A 48 6F 73 74 3A 20 70-61 32 2E 7A 6F 6E 65 6C .Host: pa2.zonel
    0x00F0 61 62 73 2E 63 6F 6D 0D-0A 41 63 63 65 70 74 2D abs.com..Accept-
    0x0100 45 6E 63 6F 64 69 6E 67-3A 20 67 7A 69 70 0D 0A Encoding: gzip..
    0x0110 41 63 63 65 70 74 3A 20-2A 2F 2A 0D 0A 43 6F 6E Accept: */*..Con
    0x0120 74 65 6E 74 2D 54 79 70-65 3A 20 74 65 78 74 2F tent-Type: text/
    0x0130 70 6C 61 69 6E 0D 0A 55-73 65 72 2D 41 67 65 6E plain..User-Agen
    0x0140 74 3A 20 5A 6F 6E 65 41-6C 61 72 6D 2F 36 2E 31 t: ZoneAlarm/6.1
    0x0150 2E 37 34 34 2E 30 30 31-20 28 6F 65 6D 2D 31 30 .744.001 (oem-10
    0x0160 32 35 3B 20 65 6E 2D 55-53 29 20 5A 53 50 2F 32 25; en-US) ZSP/2
    0x0170 2E 31 0D 0A 0D 0A .1....

    Packet #2
    0x0000 48 54 54 50 2F 31 2E 31-20 32 30 30 20 4F 4B 0D HTTP/1.1 200 OK.
    0x0010 0A 43 6F 6E 74 65 6E 74-2D 4C 65 6E 67 74 68 3A .Content-Length:
    0x0020 20 31 32 32 0D 0A 43 6F-6E 74 65 6E 74 2D 54 79 122..Content-Ty
    0x0030 70 65 3A 20 61 70 70 6C-69 63 61 74 69 6F 6E 2F pe: application/
    0x0040 6F 63 74 65 74 2D 73 74-72 65 61 6D 0D 0A 4C 61 octet-stream..La
    0x0050 73 74 2D 4D 6F 64 69 66-69 65 64 3A 20 54 68 75 st-Modified: Thu
    0x0060 2C 20 31 31 20 4D 61 79-20 32 30 30 36 20 31 36 , 11 May 2006 16
    0x0070 3A 33 38 3A 32 38 20 47-4D 54 0D 0A 52 65 73 70 :38:28 GMT..Resp
    0x0080 6F 6E 73 65 2D 43 6F 64-65 3A 20 34 30 34 0D 0A onse-Code: 404..
    0x0090 45 78 70 69 72 65 73 3A-20 54 68 75 2C 20 31 31 Expires: Thu, 11
    0x00A0 20 4D 61 79 20 32 30 30-36 20 31 37 3A 33 38 3A May 2006 17:38:
    0x00B0 32 38 20 47 4D 54 0D 0A-44 61 74 65 3A 20 54 68 28 GMT..Date: Th
    0x00C0 75 2C 20 31 31 20 4D 61-79 20 32 30 30 36 20 31 u, 11 May 2006 1
    0x00D0 36 3A 33 38 3A 32 38 20-47 4D 54 0D 0A 43 6F 6E 6:38:28 GMT..Con
    0x00E0 6E 65 63 74 69 6F 6E 3A-20 6B 65 65 70 2D 61 6C nection: keep-al
    0x00F0 69 76 65 0D 0A 0D 0A 5A-50 44 4F 43 42 49 4E 01 ive....ZPDOCBIN.
    0x0100 00 02 03 0C 01 00 03 01-04 0D 08 0E 00 10 00 0F ................
    0x0110 28 FF 55 97 12 99 40 45-87 76 49 1A 6D CD 59 A8 (.U...@E.vI.m.Y.
    0x0120 1E 60 AD 36 F3 23 6C 12-98 DF 23 68 13 26 DE 4E .`.6.#l...#h.&.N
    0x0130 63 01 0D CE 4E 1C EF 39-35 8A BF BE A6 A6 26 82 c...N..95.....&.
    0x0140 6C E5 B0 13 BC 55 30 53-12 4F 9D 35 C7 08 27 85 l....U0S.O.5..'.
    0x0150 6A B2 32 87 6A 7C D4 4F-6C 62 86 10 C2 86 7C 2A j.2.j|.Olb....|*
    0x0160 DD B8 4F E7 C4 2E 1F 17-68 85 2C 61 15 5F 95 F9 ..O.....h.,a._..
    0x0170 3B ;

    SmartWhois for 81.246.38.117

    81.240.0.0 - 81.247.255.255

    Skynet Belgium
    Provider Local Registry

    Belgacom Internet Expertise Center
    Belgacom SA de droit public
    ANS/ROC/RNO/IEC - Batiment TGX
    Boulevard du Roi Albert II, 27
    B-1030 Bruxelles
    Belgium
    phone: +32 2 202-4111
    fax: +32 2 203-6593

    Abuse:
    Abuse notifications to: abuse@belgacom.be
    abuse requests sent to another address

    Belgacom Internet Expertise Center
    Belgacom SA de droit public
    ANS/ROC/RNO/IEC - Batiment TGX
    Boulevard du Roi Albert II, 27
    B-1030 Bruxelles
    Belgium
    phone: +32 2 202-4111
    fax: +32 2 203-6593

    BE-SKYNET-20021129
    Source: whois.ripe.net

    WS_Ping ProPack gives:

    % This is the RIPE Whois query server #1.
    % The objects are in RPSL format.
    %
    % Note: the default output of the RIPE Whois server
    % is changed. Your tools may need to be adjusted. See
    % http://www.ripe.net/db/news/abuse-pr...-20050331.html
    % for more details.
    %
    % Rights restricted by copyright.
    % See http://www.ripe.net/db/copyright.html

    % Note: This output has been filtered.
    % To receive output for a database update, use the "-B" flag.

    % Information related to '81.240.0.0 - 81.247.255.255'

    inetnum: 81.240.0.0 - 81.247.255.255
    org: ORG-BS2-RIPE
    netname: BE-SKYNET-20021129
    descr: Skynet Belgium
    descr: Provider Local Registry
    country: BE
    admin-c: BIEC1-RIPE
    tech-c: BIEC1-RIPE
    status: ALLOCATED PA
    mnt-by: RIPE-NCC-HM-MNT
    mnt-lower: SKYNETBE-MNT
    mnt-lower: SKYNETBE-ROBOT-MNT
    mnt-domains: SKYNETBE-MNT
    mnt-routes: SKYNETBE-MNT
    source: RIPE # Filtered

    organisation: ORG-BS2-RIPE
    org-name: Belgacom Skynet
    org-type: LIR
    address: Kardinaal Mercier Straat 1
    address: B-1000
    address: Brussels
    address: Belgium
    phone: +3225144366
    fax-no: +3225135425
    admin-c: PDH16-RIPE
    admin-c: PD448-RIPE
    admin-c: MN1190-RIPE
    admin-c: SVDS1-RIPE
    admin-c: NV179-RIPE
    admin-c: PD756-RIPE
    mnt-ref: SKYNETBE-MNT
    mnt-ref: RIPE-NCC-HM-MNT
    mnt-by: RIPE-NCC-HM-MNT
    source: RIPE # Filtered

    role: Belgacom Internet Expertise Center
    address: Belgacom SA de droit public
    address: ANS/ROC/RNO/IEC - Batiment TGX
    address: Boulevard du Roi Albert II, 27
    address: B-1030 Bruxelles
    address: Belgium
    phone: +32 2 202-4111
    fax-no: +32 2 203-6593
    abuse-mailbox: abuse@skynet.be
    admin-c: MN1190-RIPE
    admin-c: PD448-RIPE
    tech-c: PDH16-RIPE
    tech-c: NV179-RIPE
    tech-c: SVDS1-RIPE
    tech-c: PD756-RIPE
    tech-c: PG471-RIPE
    nic-hdl: BIEC1-RIPE
    remarks: -------------------------------------------
    remarks: Network problems to: noc@skynet.be
    remarks: Peering requests to: peering@skynet.be
    remarks: Abuse notifications to: abuse@belgacom.be
    remarks: abuse requests sent to another address
    remarks: will be ignored.
    remarks: -------------------------------------------
    mnt-by: SKYNETBE-MNT
    source: RIPE # Filtered

    % Information related to '81.244.0.0/14AS5432'

    route: 81.244.0.0/14
    descr: SKYNETBE-CUSTOMERS
    origin: AS5432
    mnt-by: SKYNETBE-MNT
    source: RIPE # Filtered

    Operating System:Windows 2000 Pro
    Product Name:ZoneAlarm Pro
    Software Version:6.1
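
Added example (not part of any post in this thread): a Python script that rebuilds packet #1 from the hex dump in post #1, reads the Host and User-Agent headers, and decodes the query string. The query is URL-encoded base64; decoded, it is 33 non-text bytes followed by NUL-separated strings naming a program, its version, vendor, language, file path and a timestamp. The function names are this example's own.

```python
import base64
import re
from urllib.parse import unquote

# Packet #1 as posted in the thread: offset, 16 hex bytes, ASCII column.
DUMP = """
0x0000 47 45 54 20 2F 31 2F 3F-41 77 71 53 56 78 48 79 GET /1/?AwqSVxHy
0x0010 54 46 53 38 37 53 58 6F-6C 25 32 42 48 44 46 4C TFS87SXol%2BHDFL
0x0020 39 63 49 35 69 63 57 6B-4B 4B 72 7A 52 6C 68 45 9cI5icWkKKrzRlhE
0x0030 49 76 6A 62 58 4C 55 32-31 68 63 6E 52 58 61 47 IvjbXLU21hcnRXaG
0x0040 39 70 63 79 42 4A 62 6E-52 6C 63 6D 35 68 62 43 9pcyBJbnRlcm5hbC
0x0050 42 54 5A 58 52 31 63 41-41 30 4C 6A 45 41 56 47 BTZXR1cAA0LjEAVG
0x0060 46 74 62 31 4E 76 5A 6E-51 41 52 57 35 6E 62 47 Ftb1NvZnQARW5nbG
0x0070 6C 7A 61 43 41 6F 56 57-35 70 64 47 56 6B 49 46 lzaCAoVW5pdGVkIF
0x0080 4E 30 59 58 52 6C 63 79-6B 41 51 7A 70 63 55 48 N0YXRlcykAQzpcUH
0x0090 4A 76 5A 33 4A 68 62 53-42 47 61 57 78 6C 63 31 JvZ3JhbSBGaWxlc1
0x00A0 78 54 62 57 46 79 64 46-64 6F 62 32 6C 7A 58 48 xTbWFydFdob2lzXH
0x00B0 4E 33 63 32 56 30 64 58-41 75 5A 58 68 6C 41 44 N3c2V0dXAuZXhlAD
0x00C0 4D 76 4D 53 38 79 4D 44-41 32 49 44 45 35 4F 6A MvMS8yMDA2IDE5Oj
0x00D0 51 32 4F 6A 41 77 20 48-54 54 50 2F 31 2E 31 0D Q2OjAw HTTP/1.1.
0x00E0 0A 48 6F 73 74 3A 20 70-61 32 2E 7A 6F 6E 65 6C .Host: pa2.zonel
0x00F0 61 62 73 2E 63 6F 6D 0D-0A 41 63 63 65 70 74 2D abs.com..Accept-
0x0100 45 6E 63 6F 64 69 6E 67-3A 20 67 7A 69 70 0D 0A Encoding: gzip..
0x0110 41 63 63 65 70 74 3A 20-2A 2F 2A 0D 0A 43 6F 6E Accept: */*..Con
0x0120 74 65 6E 74 2D 54 79 70-65 3A 20 74 65 78 74 2F tent-Type: text/
0x0130 70 6C 61 69 6E 0D 0A 55-73 65 72 2D 41 67 65 6E plain..User-Agen
0x0140 74 3A 20 5A 6F 6E 65 41-6C 61 72 6D 2F 36 2E 31 t: ZoneAlarm/6.1
0x0150 2E 37 34 34 2E 30 30 31-20 28 6F 65 6D 2D 31 30 .744.001 (oem-10
0x0160 32 35 3B 20 65 6E 2D 55-53 29 20 5A 53 50 2F 32 25; en-US) ZSP/2
0x0170 2E 31 0D 0A 0D 0A .1....
"""

# One dump row: offset, then up to 16 two-digit hex bytes separated by ' ' or '-'.
ROW = re.compile(r"0x[0-9A-Fa-f]{4}((?:[ -][0-9A-Fa-f]{2}(?=[ -]|$)){1,16})")

def dump_to_bytes(dump):
    """Rebuild raw bytes from the hex column; the ASCII column is ignored."""
    raw = bytearray()
    for line in dump.splitlines():
        row = ROW.match(line.strip())
        if row:  # skip blank lines and anything that is not a dump row
            raw += bytes.fromhex(row.group(1).replace("-", " "))
    return bytes(raw)

def analyse(raw):
    """Return (host, user_agent, payload_length, printable_strings) for the request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    _method, target, _version = request_line.split(" ")
    headers = dict(h.split(": ", 1) for h in header_lines)
    # The query is URL-encoded base64: %2B is '+', part of the base64 alphabet.
    blob = base64.b64decode(unquote(target.split("?", 1)[1]), validate=True)
    # Like `strings`: keep printable ASCII runs of 3+ bytes, drop binary bytes.
    strings = [s.decode("ascii") for s in re.findall(rb"[\x20-\x7e]{3,}", blob)]
    return headers["Host"], headers["User-Agent"], len(blob), strings

if __name__ == "__main__":
    host, agent, size, strings = analyse(dump_to_bytes(DUMP))
    print(host, agent, size, *strings, sep="\n")
```
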

  2. #2
    Join Date
    Apr 2004
    Location
    East Coast of Florida - Lightening/Shark Bite Capital of the World
    Posts
    2,477

    Hi,

    Since it is not your ISP, I recommend that you block the IP address and then scan your computer for any type of nasty bugs that could be hiding inside of it.
    Here are some sites if you are interested in scanning your computer, just to be on the safe side.

    http://housecall.trendmicro.com/

    http://www.ewido.net/en/

    Panda ActiveScan
    http://www.pandasoftware.com/active...n_principal.htm

    Make sure you tick Disinfect automatically under Scan Options.

    PLEASE keep me posted on your results, Thanks.

    SlyFox:8}

    "Politeness costs nothing and gains everything".

    Click here for ZA Support

    Avail. 24x7 - Excl. Holiday

  3. #3
    andrew_be Guest

    Hi,

    Thanks for your attention.
    I checked my computer for different kinds of infections using Panda Titanium (full scan), Spysweeper (latest version), PestPatrol, XoftSpy, Lavasoft Adaware, and the antivirus/antispyware from V-COM Fix-It Pro V6; none of them found any suspicious component.
    I also monitored all running tasks (Essential NetTools). Ethereal detects the same strange connection from vsmon.exe to IP 81.246.38.117, which is an address belonging to my ISP, but a strange one ("mail.lamediatheque.be"); if you paste this address "mail.lamediatheque.be" into a browser you will be redirected to "https://outlook.lamediatheque.be/exchange/" and be asked for a password!
    I can see that vsmon.exe seems to send an encrypted packet, which is very strange behavior; why to this address? I could understand something being sent to ZoneLabs.
    The online scan you mention at Panda doesn't find anything...
    The technical support of my ISP says that they don't know anything about this strange connection. Are they monitoring connections using tricks? No idea.
    I'll keep track and try to understand what happens; any clue is welcome!

    Thanks again,

    Andrew

  4. #4
    Join Date
    Apr 2004
    Location
    East Coast of Florida - Lightening/Shark Bite Capital of the World
    Posts
    2,477

    Hi,

    I think I found your problem.
    PLEASE go to the following thread and see if this is the program you have installed?

    http://forums.spywareinfo.com/index.php?s=8d5930e8d88a8fb4048244ff2cfb1c52&showtopic=17057

    PLEASE keep me posted on your results, Thanks.

    SlyFox:8}

  5. #5
    andrew_be Guest

    Hi SlyFox,

    Yes, XoftSpy 4.22 is installed, but not running in the background; nor does it detect anything wrong when I run it.
    I read the page you sent; still, it doesn't explain why vsmon.exe, a component of ZaPro, always connects to the same IP address, i.e. 81.246.38.117.
    I also scanned my machine using a strong antivirus boot CD (G Data Antivirus Kit 2006); nothing is found...
    Below are the modules used by vsmon.exe; I don't see anything wrong. The mystery is why this specific 81.246.38.117 IP address?

    Thanks for your attention!

    Andrew

    Report: Modules used by vsmon.exe (W2K Pro SP4)

    Module, Path, Manufacturer
    ACTIVEDS.DLL, C:\WINNT\system32\, Microsoft Corporation
    ADSLDPC.DLL, C:\WINNT\system32\, Microsoft Corporation
    ADVAPI32.DLL, C:\WINNT\system32\, Microsoft Corporation
    camupd.dll, C:\WINNT\system32\ZoneLabs\, Zone Labs LLC
    CLBCATQ.DLL, C:\WINNT\system32\, Microsoft Corporation
    COMCTL32.dll, C:\WINNT\system32\, Microsoft Corporation
    Crypt32.dll, C:\WINNT\system32\, Microsoft Corporation
    dbghelp.dll, C:\WINNT\system32\ZoneLabs\, Microsoft Corporation
    DHCPCSVC.DLL, C:\WINNT\system32\, Microsoft Corporation
    DNSAPI.DLL, C:\WINNT\system32\, Microsoft Corporation
    FHook.dll, C:\WINNT\system32\, Finjan Software
    GDI32.dll, C:\WINNT\system32\, Microsoft Corporation
    ICMP.DLL, C:\WINNT\system32\, Microsoft Corporation
    IMM32.DLL, C:\WINNT\system32\, Microsoft Corporation
    iphlpapi.dll, C:\WINNT\system32\, Microsoft Corporation
    KERNEL32.dll, C:\WINNT\system32\, Microsoft Corporation
    LPK.DLL, C:\WINNT\system32\, Microsoft Corporation
    LZ32.DLL, C:\WINNT\system32\, Microsoft Corporation
    MPR.dll, C:\WINNT\system32\, Microsoft Corporation
    MPRAPI.DLL, C:\WINNT\system32\, Microsoft Corporation
    msafd.dll, C:\WINNT\system32\, Microsoft Corporation
    MSASN1.dll, C:\WINNT\system32\, Microsoft Corporation
    MSVCRT.dll, C:\WINNT\system32\, Microsoft Corporation
    msxml3.dll, C:\WINNT\system32\, Microsoft Corporation
    NETAPI32.DLL, C:\WINNT\system32\, Microsoft Corporation
    NETRAP.dll, C:\WINNT\system32\, Microsoft Corporation
    ntdll.dll, C:\WINNT\system32\, Microsoft Corporation
    NTDSAPI.dll, C:\WINNT\system32\, Microsoft Corporation
    NTMARTA.DLL, C:\WINNT\system32\, Microsoft Corporation
    ole32.dll, C:\WINNT\system32\, Microsoft Corporation
    OLEAUT32.dll, C:\WINNT\system32\, Microsoft Corporation
    pavipc.dll, C:\WINNT\system32\, Panda Software
    PAVSHOOK.DLL, C:\WINNT\SYSTEM32\, Panda Software
    PGPlsp.dll, C:\WINNT\system32\, PGP Corporation
    psapi.dll, C:\WINNT\system32\, Microsoft Corporation
    qrbase.dll, C:\WINNT\system32\ZoneLabs\, Zone Labs LLC
    rasadhlp.dll, C:\WINNT\system32\, Microsoft Corporation
    rasapi32.dll, C:\WINNT\system32\, Microsoft Corporation
    rasman.dll, C:\WINNT\system32\, Microsoft Corporation
    rnr20.dll, C:\WINNT\System32\, Microsoft Corporation
    RPCRT4.dll, C:\WINNT\system32\, Microsoft Corporation
    rsaenh.dll, C:\WINNT\system32\, Microsoft Corporation
    RTUTILS.DLL, C:\WINNT\system32\, Microsoft Corporation
    SAMLIB.dll, C:\WINNT\system32\, Microsoft Corporation
    scheduler.dll, C:\WINNT\system32\ZoneLabs\, Zone Labs LLC
    Secur32.dll, C:\WINNT\system32\, Microsoft Corporation
    sensapi.dll, C:\WINNT\system32\, Microsoft Corporation
    SETUPAPI.DLL, C:\WINNT\system32\, Microsoft Corporation
    SHELL32.dll, C:\WINNT\system32\, Microsoft Corporation
    SHLWAPI.dll, C:\WINNT\system32\, Microsoft Corporation
    srescan.dll, C:\WINNT\system32\ZoneLabs\, Zone Labs LLC
    sselsp.dll, C:\Program Files\Secure Surfing Engine\,
    SSLEAY32.dll, C:\WINNT\system32\ZoneLabs\, Zone Labs LLC
    SYSTOOLS.dll, C:\WINNT\system32\, www.pandasoftware.com
    TAPI32.dll, C:\WINNT\system32\, Microsoft Corporation
    TpUtil.dll, C:\WINNT\system32\, Panda Software
    USER32.dll, C:\WINNT\system32\, Microsoft Corporation
    USERENV.dll, C:\WINNT\system32\, Microsoft Corporation
    USP10.dll, C:\WINNT\system32\, Microsoft Corporation
    VERSION.dll, C:\WINNT\system32\, Microsoft Corporation
    vsavpro.dll, C:\WINNT\system32\ZoneLabs\, Zone Labs LLC
    VSDATA.dll, C:\WINNT\system32\, Zone Labs LLC
    vsdb.dll, C:\WINNT\system32\ZoneLabs\, Zone Labs LLC
    VSINIT.dll, C:\WINNT\system32\, Zone Labs LLC
    VSRULEDB.DLL, C:\WINNT\system32\ZoneLabs\, Zone Labs LLC
    VSUTIL.dll, C:\WINNT\system32\, Zone Labs LLC
    vsvault.dll, C:\WINNT\system32\ZoneLabs\, Zone Labs LLC
    vsxml.dll, C:\WINNT\system32\, Zone Labs LLC
    WINHTTP.dll, C:\WINNT\system32\, Microsoft Corporation
    Wininet.dll, C:\WINNT\system32\, Microsoft Corporation
    winrnr.dll, C:\WINNT\System32\, Microsoft Corporation
    WINSPOOL.DRV, C:\WINNT\system32\, Microsoft Corporation
    WLDAP32.dll, C:\WINNT\system32\, Microsoft Corporation
    WS2_32.DLL, C:\WINNT\system32\, Microsoft Corporation
    WS2HELP.DLL, C:\WINNT\system32\, Microsoft Corporation
    wshtcpip.dll, C:\WINNT\System32\, Microsoft Corporation
    WSOCK32.dll, C:\WINNT\system32\, Microsoft Corporation
    zlcomm.dll, C:\WINNT\system32\, Zone Labs LLC
    ZLCommDB.dll, C:\WINNT\system32\, Zone Labs LLC
    zlparser.dll, C:\WINNT\system32\ZoneLabs\, Zone Labs LLC
    zlquarantine.dll, C:\WINNT\system32\ZoneLabs\, Zone Labs LLC
    zlsre.dll, C:\WINNT\system32\ZoneLabs\, Zone Labs LLC

  6. #6
    Join Date
    Apr 2004
    Location
    East Coast of Florida - Lightening/Shark Bite Capital of the World
    Posts
    2,477

    Hi,

    This is why you are getting misdirected in your browser.

    PLEASE go into Internet Options, click on that, should bring you to Internet Properties, look for the top tab that should say Advanced, click on Advanced and scroll down to where it says the following, "Search from the Address Bar, When Searching". Should be a DOT in the second one down, "DO Not Search From The Address Bar". If it says anything different, change it to what I just mentioned. Click on Apply and then OK. Then go ahead and reboot your computer, to make sure the settings take effect.

    Have you tried to put that IP address range into the blocked sites of your firewall?

    SlyFox:8}

  7. #7
    Join Date
    Dec 2005
    Posts
    9,056

    Go here and get this: http://www.download.com/HijackThis/3...-10379544.html

    Okay, now try hijackthis in the Google search engine and pick any forum. They are all free of charge and will determine if there is a true problem.

    http://www.dslreports.com/forum/rema...7664~mode=flat is what some people think of Xoftspy software. Personally, if it was my machine, I would uninstall Xoftspy since it appears as a rogue and may have introduced additional malware (against my own knowledge). It may have said in the EULA what was involved with third party software. Usually the first indication of third party software bundled with first party install is enough for me to halt the entire install/purchase. Using the resources at spywarewarrior.com, XoftSpy is included under the Delisted (at the near bottom of the page). However, I would still strongly avoid this software.

    http://www.spywarewarrior.com/rogue_anti-spyware.htm

    SlyFox may be very correct: new software and a new security issue may very well go hand in hand. People quite often complain and gripe about the highly advertised/highly publicized/highly rated security applications such as Sunbelt, PC Tools, Webroot, Microsoft Defender, (Zone Labs), etc. But the simple truth is these will never introduce third party software (spyware in some people's eyes), show false positives to convince the user to quickly buy, or copy another antispy engine to have a quick build. I would recommend most of the antispyware products on this page:

    http://spywarewarrior.com/asw-features.htm

    I use just SpySweeper, SpywareDoctor, PestPatrol, Ad-Aware SE, and not on this list should be added Ewido from ewido.net and ASquared from emsisoft.com. Try these approved applications. OOPS, my neighbour just showed up and she needs a ride to her work. Got to go. Take care, Oldsod

    Best regards.
    oldsod

  8. #8
    andrew_be Guest

    Hi,

    Everything looks OK in my advanced settings, plus I almost never use IE but Opera or Mozilla.
    I blocked access to IP 81.246.38.117 from within the ZaPro settings; when I do that, all my Internet access is blocked as well when ZaPro is running...
    Maybe there is something wrong with XoftSpy, as I read in the next message; I'll uninstall it and tell you what happens.

    Thanks man!

    Andrew

  9. #9
    andrew_be Guest

    Hi Oldsod,

    THX for your attention. I'm uninstalling XoftSpy; in the end this package never found anything and, as you point out, other packages are sufficient.
    What's also strange is that I lose my Internet connection if I block access to 81.246.38.117, always the same IP that vsmon.exe connects to.
    HijackThis doesn't find anything wrong.

    I'll tell you what happens after XoftSpy is removed from my machine.

    THX for your suggestions!

    Andrew

  10. #10
    Join Date
    Dec 2005
    Posts
    9,056

    http://download.zonelabs.com/bin/fre...lert/13.html is the official opinion of vsmon.exe and internet access.
    http://www.viruslist.com/en/find?sea...;search=Search describes 207 variations of this worm. Take care, Oldsod

    Message Edited by Oldsod on 05-12-2006 06:02 AM

    Operating System:Windows XP Home Edition
    Product Name:ZoneAlarm Pro
    Software Version:6.1
    Best regards.
    oldsod
