Results 1 to 4 of 4

Thread: persistant unblockable vsmon.exe port 80 internet connections

  1. #1
    eellc Guest

    Default persistant unblockable vsmon.exe port 80 internet connections

    Zone labs states the following in a release concerning WORM_RBOT


    "The Zone Labs vsmon.exe process will never request network access. Any program using this name and requesting network access should be treated with caution and denied network access."

    On my system I have vsmon.exe connecting to unknown.leve13.net (note this is leve 13 (the number) dot net NOT level 3 dot net) and several other IPs which appear suspect and have nothing obvious to do with Zone Labs. All the internet connections made my vsmon.exe are to IP addresses without a DNS lookup. The only way to identify these sites is to do an IP whois to find out who owns the ip address. I've manually restricted the IP range of vsmon.exe by entering each IP range it accesses one after another just to find it using a new range the next time I check. I also tried to enter vsmon.exe as a program so I could get it under control just to find it doesn't show up in the list after it is added.

    Based on the statements by Zone Labs that this program will never request internet access, the program on my machine smells like a worm to me. The program is HUGE, makes internet contact even when the program is told not to check for updates, and opens 2-4 http 80 ports on foreign machines as shown by netstat -a -b. How do I get rid of this wormy program?

    K & C ********
    Owners of a company that is almost bankrupt due to security breeches and hackers.

    Operating System:Windows XP Pro
    Product Name:ZoneAlarm Internet Security Suite
    Software Version:

  2. #2

    Default Re: persistant unblockable vsmon.exe port 80 internet connections


  3. #3
    jarvis Guest

    Default Re: persistant unblockable vsmon.exe port 80 internet connections

    The ZoneLabs vsmon.exe should be located in C:\Program Files\Zone Labs\ZoneAlarm\repair (or wherever you elected to install)

    and in C:\Windows\system32\ZoneLabs\

    If you right-click it and choose Properties you should see a Digital Signature tab - click that and you should see the file was signed by CheckPoint.

    If this is not the case, it is not a Zonelabs file.

  4. #4
    ai_tak Guest

    Default Re: persistant unblockable vsmon.exe port 80 internet connections

    <BLOCKQUOTE><HR>eellc wrote:

    "The Zone Labs vsmon.exe process will never request network access. Any program using this name and requesting network access should be treated with caution and denied network access."<HR></BLOCKQUOTE>vsmon.exe will never request internet access because it is the thing that decides what programs get internet access, it will automaticly connect to the SmartDefense Advisor servers to get info aboutthe defaultaccess settings for new programs.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •