Results 1 to 6 of 6

Thread: Weirdo Program(s) repeatedly Revert to SUPERACCESS settings after KILL previously selected

  1. #1
    austinmuze Guest

    Default Weirdo Program(s) repeatedly Revert to SUPERACCESS settings after KILL previously selected

    All,

    I discovered somethig really weird in the Program Control section and it appears that it is faking out ZoneAlarms settings.

    I have found 3 files in the ZoneAlarm Program Control section that Reverts to Full Access with SUPERACCESS Trust Level and ALLOWED for Trusted/Internet both for Access/Server. I tied to modify the settings by selecting KILL for all options. After reboot, the KILL setting will show up, but after a while, the Full Access settings pop back.

    (these are very unusual filenames)

    1)
    2)
    3) SetBC.tmp


    Also, I tried to set an Expert Rule to try to Block All Activity with this program. But after rebooting, no EXPERT RULE is present.

    I also tried to backup my Expert Rules immediately after making them. I can select Backup Security Settings with no problems, but they are always corrupted when I try to RESTORE. This happens even if I try to restore immediately after a successful backup.

    Finally, whenever I shut down WINDOWS, ZONEALARM will show up as a Non-Responsive Program and is always closed by WINDOWS. On occasion, another program of the name will show up after ZoneAlarm is closed by Windows.

    I am using 6.5.737.000 under Windows XP Pro and I am running as an Admin.
    I have re-installed ZONELARM to no avail. I have tried to make settings in SAFE MODE to no avail.
    I have set a Password to control changing settings but had them revert while I was logged in !!

    Is my ZoneAlarm possessed ??!!?? Is there a rootkit hiding around ??

    Any advice ??,
    AustinMuze

  2. #2
    critterjoe Guest

    Default Re: Weirdo Program(s) repeatedly Revert to SUPERACCESS settings after KILL previously selected

    More info would be helpful.

    1) Have you by any chance installed IE 7.0 recently? If so, was it before or after your attempt to install ZA?
    2) Also, go to your program list in ZA control panel, and do a Right-click on each of the 3 unknown programs you mention above, then select "properties" and see where each one is located (i.e., what directory) and if you can tell if they are associated with any particular program.

    I'm wondering if setbc.tmp might be associated with IE 7. I don't know for sure since I have not upgraded to IE 7 yet, but a quick Google seemed to raise that possibility. So faulty installation and conflicts between IE and ZA could be one possibility. ZA's database can become corrupted, too, but you said you did a re-installation, which should reset the database.

    But in addition you might want to download some additional security products and scan your system, such as free versions of Spybot, Ad-Aware, Ewido (now AVG anti-malware), other reputable trojan and rootkit detectors, etc. and/or do some online scans at some of the reputable sites.

    Message Edited by Critterjoe on 11-26-200612:43 AM

    Operating System:Windows XP Home Edition
    Product Name:ZoneAlarm Pro
    Software Version:6.1

  3. #3
    austinmuze Guest

    Default Re: Weirdo Program(s) repeatedly Revert to SUPERACCESS settings after KILL previously selected

    The plots thickens !!
    The entries show up blank for Prodcut name, version, last modified fields. The file size is 0KB nd Lat Policy update is "not applicable". I an not using IE7 and use Firefox. I also use BitDefender, Spysweeper, Spybot, ETRUST pestpatrol apps with nothing ever detected. Recently, my SpySweeper will come up every several days unable to connect to the NETWROK for updates. After re-installing, it works for several days. I have a trouble ticket open with them on that...

    The three suspicious apps also changed themselves back last night even with my ZoneAlarm password enabled !!

    Any other ideas ??

    thanks
    AustinMuze

  4. #4
    uriel Guest

    Default Re: Weirdo Program(s) repeatedly Revert to SUPERACCESS settings after KILL previously selected

    I had stuff like this happen, the only way I was able to fix it was to obliterate the ZA database.. Usually these odd things happen when the database gets corrupted.

  5. #5
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Weirdo Program(s) repeatedly Revert to SUPERACCESS settings after KILL previously selected

    Often there are 'remmants of the last software installation with previously allowed rights ( given by the user at the time of the install).

    Doing the database removal should work as suggested, and using a file/registry cleaner will often do the trick.

    I use a freeware called CCleaner>

    http://www.majorgeeks.com/CCleaner_S...ish_d4191.html

    Oldsod
    Best regards.
    oldsod

  6. #6
    doodlebug Guest

    Default Re: Weirdo Program(s) repeatedly Revert to SUPERACCESS settings after KILL previously selected

    Hi,I have a similar problem with two programs in Program Control, one has no name or file path and the other has the name Set9.tmp but no file path. I kill them both but they switch back on as soon as I log on to the net for the first time every day, I kill them immediately but they will switch on again at will.I contacted ZA but they say that ....'there is nothing to worry about as it is probably a temporary file that was accessed on the system at one point. These can get added to the program control list on occasion and this is normal'.Well
    I don't know about normal, suspious is the word that springs more
    readily to mind and, as ZA is supposed to be monitoring suspicious behaviour, what could be more suspicious than a completely anonymous program that puts two finger up to the operator and ZA and does what it wants when it wants? Where is the point of having a Kill switch if the target doesn't stay dead?
    A bit like those horror movies where the bad guy keeps getting up no matter what you do to him.
    I tried switching to 'Ask' but it
    ignored that and still accessed the net as and when.I have
    scanned with Trend and Kaspersky without result but
    as others have already
    tried a larger arsenal I am not sure what to do, surely ZA must be concerned if their Kill button is only fireing blanks. If these programs can do it then what else can???Doodlebug


Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •