Thread: ISP Tech says Spyware:ZAP Log

  1. #1
    silverdrop Guest

    ISP Tech says Spyware:ZAP Log

    Hi, I noticed several blocked outgoing attempts to connect with a DNS which had my ISP domain name with "Star Wars"-related subdomain names tacked on, i.e. vader.cogeco.net, kenobi.cogeco.net, skywalker.cogeco.net, where 'cogeco.net' are my ISP's domain names. Called them and the agent thought it seemed like spyware trying to send out. Is there another explanation for this? I had a screenshot and a text log to include however cannot figure out how. (While I'm here, wondering if all the activity with Windows NT Logon Application is normal and why some events which are requests contain nothing in the "Action Taken" Window.) Please let me know if I can attach a short log and or screen shot. Thanks guys. :8}

    ZoneAlarm Pro version:6.5.722.000
    TrueVector version:6.5.722.000
    Driver version:6.5.722.000
    Anti-spyware engine version:5.0.10.0
    Anti-spyware signature DAT file version:01.200606.260

    Operating System:Windows XP Home Edition
    Product Name:ZoneAlarm Pro
    Software Version:6.5

  2. #2
    danee Guest

    Re: ISP Tech says Spyware:ZAP Log

    hi there

    can you open the zap.log then do a copy all and paste here.

    i have been looking and can not see this kind of thing for virus or spyware.

    i fix customer computers both remotely and also onsite and have not seen this.

    if you can get the log it would be helpful.

    if you want to do a picture as well you can put it on your own website or isp url then when you reply here use the INSERT IMAGE so that you can address it and we can link over to see it.

    thanks danny

  3. #3
    danee Guest

    Re: ISP Tech says Spyware:ZAP Log

    "can you open the zap.log then do a copy all and paste here."

    Sorry it is:

    zaplog.txt right? not zap.log

    thanks danny

  4. #4
    silverdrop Guest

    Re: ISP Tech says Spyware:ZAP Log

    My apologies danee. My e-mail address had changed but I did not update it here and when I received no notification of a reply I assumed it got 'lost in the shuffle'. In the meanwhile, I spoke with a different tech rep for my ISP who told me, "anything ending in cogeco.net is us". However, because my internet connection was functional it was, "beyond what we support" to check the actual full domain names for me.

    What bothers me is that my internet connection functions fine with all (3) of these Star Wars related connections being blocked. ???

    I added them to my Internet Zone for a time, but then blocked them again. They are now showing up in ZAP's Program Alert Log. The program winlogon.exe keeps attempting outgoing connections to these DNSs.

    I will try and copy and paste the Program Alert Log in a second post below as it is quite long.

    Thanks danee :8}

    Message Edited by Silverdrop on 07-24-2006 12:21 AM

  5. #5
    silverdrop Guest

    Re: ISP Tech says Spyware:ZAP Log

    I don't see anything about winlogon.exe or the sub domain names... I hope this makes sense to you... To further clarify: I need to have these in my Internet Zone for I.E., e-mail and updates to work; 24.226.10.193, 24.226.1.90, and ns6.cgocable.net HOWEVER these funny domains are blocked again and seem to affect nothing; vader.cogeco.net; skywalker.cogeco.net; kenobi.cogeco.net. As I said, winlogon.exe keeps trying to connect to them and while one ISP tech was certain they were not legitimate ISP domains and thought it was spyware another assured me if they ended in "cogeco.net" they must be legitimate - but would not verify them. What do you think? Thanks Again :8} , silverdrop

    This is only the first part of log as it is far too long. Let me know if it's not adequate.

    ZoneAlarm Logging Client v6.5.722.000
    Windows XP-5.1.2600-Service Pack 2-SP
    type,date,time,source,destination,transport (Security)
    type,date,time,virus name,file name,mode,e-mail id (Anti-Virus)
    type,date,time,source,destination,action,service (IM Security)
    type,date,time,source,destination,program,action (Malicious Code Protection)
    type,date,time,action,product,file,event,subevent, class,data,data,... (OSFirewall)
    type,date,time,name,type,mode (Anti-Spyware)

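An added example (not part of any post in the thread): a small parser for the comma-separated layout described by the header lines of the log posted above, grouping blocked inbound packets (FWIN rows) by protocol and destination port and pulling the remote address out of ACCESS rows. The sample rows are constructed and use documentation addresses, and the function names are illustrative.

```python
import csv
import re
from collections import defaultdict

# Constructed sample in the posted log's layout. Addresses come from the
# RFC 5737 documentation ranges, not from the thread.
SAMPLE_LOG = """\
ZoneAlarm Logging Client v6.5.722.000
type,date,time,source,destination,transport (Security)
ACCESS,2006/07/15,23:46:54 -4:00 GMT,Generic Host Process for Win32 Services was blocked from accepting a connection from the Internet (192.0.2.53:Port 53).,N/A,N/A
FWIN,2006/07/15,23:32:44 -4:00 GMT,198.51.100.7:52830,203.0.113.10:1026,UDP
FWIN,2006/07/15,23:32:54 -4:00 GMT,198.51.100.8:41936,203.0.113.10:1026,UDP
FWIN,2006/07/15,23:33:58 -4:00 GMT,198.51.100.7:35201,203.0.113.10:1026,UDP
FWIN,2006/07/15,23:48:00 -4:00 GMT,198.51.100.9:1213,203.0.113.10:80,TCP (flags:S)
FWIN,2006/07/16,00:11:12 -4:00 GMT,198.51.100.9:0,203.0.113.10:0,ICMP (type:8/subtype:0)
ZLUpdate,2006/07/16,00:35:36 -4:00 GMT,,,Auto
"""

DATE_RE = re.compile(r"^\d{4}/\d{2}/\d{2}$")
PEER_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3}):Port (\d+)\)")


def parse_log(text):
    """Yield (type, date, time, remaining_fields) for event rows only."""
    for row in csv.reader(text.splitlines()):
        # Banner and "type,date,time,..." legend rows have no date in column 2.
        if len(row) >= 3 and DATE_RE.match(row[1]):
            yield row[0], row[1], row[2], row[3:]


def split_endpoint(endpoint):
    """'198.51.100.7:52830' -> ('198.51.100.7', 52830)."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port)


def summarize_inbound(text):
    """Group blocked inbound packets (FWIN) by (protocol, destination port)."""
    summary = defaultdict(lambda: {"hits": 0, "sources": set()})
    for kind, _date, _time, rest in parse_log(text):
        if kind != "FWIN" or len(rest) < 3:
            continue
        src_ip, _ = split_endpoint(rest[0])
        _, dst_port = split_endpoint(rest[1])
        proto = rest[2].split()[0]  # "TCP (flags:S)" -> "TCP"
        bucket = summary[(proto, dst_port)]
        bucket["hits"] += 1
        bucket["sources"].add(src_ip)
    return dict(summary)


def blocked_access_peers(text):
    """Remote (ip, port) pairs named in the message of ACCESS rows."""
    peers = []
    for kind, _date, _time, rest in parse_log(text):
        if kind == "ACCESS" and rest:
            match = PEER_RE.search(rest[0])
            if match:
                peers.append((match.group(1), int(match.group(2))))
    return peers


if __name__ == "__main__":
    for (proto, port), info in sorted(summarize_inbound(SAMPLE_LOG).items()):
        print(f"{proto:4} dst port {port:<5} hits={info['hits']} sources={len(info['sources'])}")
    print("ACCESS peers:", blocked_access_peers(SAMPLE_LOG))
```
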
  6. #6
    ai_tak Guest

    Re: ISP Tech says Spyware:ZAP Log

    Have you added your ISP's DNS servers to your trusted zone? It seems like your ISP was funny and named your DNS servers after Star Wars stuff.

  7. #7
    silverdrop Guest

    Re: ISP Tech says Spyware:ZAP Log

    I have added (3) items to my trusted zone for my ISP, as outlined in prior post. Since everything functions fine while the 'star wars' ones are blocked and the ISP gave me mixed reports about them, suppose I'll just keep them blocked. You would think it would not be "outside what they support" to verify their servers for me wouldn't you..X-( One says spyware! One says I can't check each one. Arrrgh. Anyhow, I appreciate your reply. sd.

  8. #8
    forum_moderator Guest

    Re: ISP Tech says Spyware:ZAP Log



    That is called a "heartbeat". The ISP has servers that will send a heartbeat every few minutes or so to see if you are still connected and active. If no reply, they terminate the connection after some amount of time. Open up ZA, press F1 for help, and search for HEARTBEAT for more about that. Usually the simplest solution is to add them to your trusted Zone, as you have done.

    Marcus


  9. #9
    silverdrop Guest

    Re: ISP Tech says Spyware:ZAP Log

    Thank-you Marcus. Just to clarify, I've not put ALL the servers winlogon.exe is trying to connect with (outgoing) - that have my ISP's name in their domain name - into my Trusted Zone. I've put 3 in the Internet Zone and 3 in my Blocked Zone. This is simply because a) I do not lose my internet connection and b) my ISP wouldn't take the time to verify the oddly named ones for me. From ZAP HELP:

    " If you're not able to identify the server this way, contact your ISP to determine which servers need access permission. After you have identified the server, add it to the Trusted Zone. "

    If my internet connection is disturbed I'll review the situation, but for now, I've enabled three and blocked the three with Star Wars names and all is functioning.

    So it is normal that in Program Alerts, that it's the program "winlogon.exe" which is trying to connect OUT to these servers?
