Page 3 of 3 FirstFirst 123
Results 21 to 22 of 22

Thread: ZaPro 6.1.744.001: vsmon.exe strange access to IP 81.246.38.117

  1. #21
    andrew_be Guest

    Default Re: ZaPro 6.1.744.001: vsmon.exe strange access to IP 81.246.38.117

    Hi Oldsod,

    I read the document in Dutch at:

    http://www.security.nl/forum/i/90633/

    It seems that this process is considered as normal and as a "bug"...
    Have a look here:

    http://download.zonelabs.com/bin/fre...005/pr_22.html

    Google gives this link as well, but the page doesn't exist anymore:
    Zone Alarm Users Beware!
    Zone Labs was purchased by the Israeli firm Checkpoint Software in December 2003, and the Israeli's immediately revamped Zone Alarm's True Vector Engine. ...
    www.libertyforum.org/printthread.php?Cat=&

    The reason why vsmon.exe sends the packet containing "ZPDOCBIN" and what contains "ZPDOCBIN" remains a mystery, no answer about it. The destination IP is also strange.

    To make it short it's not a virus, nor a worm, nor a spyware (it should be very unlikely that one has been implemented by ZoneLabs itself), still it's a little bit unpleasant to see that data are sent from your machine with no explanation about the content...

    That's all what I found about it.

    Thanks man,

    Andrew

  2. #22
    f_kawashima Guest

    Default Re: ZaPro 6.1.744.001: vsmon.exe strange access to IP 81.246.38.117

    Launch Regedit. Find (Control+F and F3 keys) whether there are any strings that contain "81.246.38.117". If it is there, investigate the embeded or modified registry(ies) value to find where they come from.

    Also, try anlayzing IP packets in details whenever vsmon accesses to the IP address because you appear to have a packet analyzer installed.

Page 3 of 3 FirstFirst 123

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •