
Thread: What are the chances that my pc is a zombie after ZAPro crashes?

  1. #1
    supah Guest

    What are the chances that my pc is a zombie after ZAPro crashes?

    I woke up one morning (my pc was online that night: bittorrenting) and saw a warning on my screen that there was a True Vector shutdown. I looked on this forum and saw that this basically means that ZA crashed and my pc was unprotected for most of the night, let's say between 6 and 8 hours. I've read once that it takes about an average of 12 minutes to get hacked and zombied if you're online unprotected. As a result I downgraded from 6.5.737.000 back to 6.1.744.001. So, chances are my pc was hacked and zombied after the True Vector crash. A bloody shame if you ask me. But what should I do now? How do I know for sure this is the case and furthermore: how can I get rid of any unwanted visitors on my system? My question is aimed at any computer expert, but mainly at the friendly people at Zonelabs.

    Operating System: Windows XP Home Edition
    Product Name: ZoneAlarm Pro
    Software Version: 6.1

    Message Edited by FrereOP on 12-21-2006 10:01 PM

  2. #2
    supah Guest

    Re: What are the chances that my pc is a zombie after ZAPro crashes?

    Thank you for editing my question.

    Message Edited by supah on 12-21-2006 07:54 AM

    There is a difference between being critical and being rude about it. The part that was edited out was not acceptable under the posting rules. Other Gurus have deleted messages for less than that so I suggest if you wish to remain a part of this forum, you abide by the posting rules.

    Message Edited by FrereOP on 12-22-2006 09:12 PM

  3. #3
    Join Date: Dec 2005 | Posts: 9,056

    Re: What are the chances that my pc is a zombie after ZAPro crashes?

    Supah

    You would not be the first ZA user to have issues with the ZA 6.6 and P2P. The ZA 6.1 is better for P2P usage.

    One thing that does come to mind is reduce the number of connections in the P2P and the speeds. This does make things slower, but usually fixes some troubles of ZA crashing. The ZA does P2P well, just on its terms. If no software firewall was used (using just Windows XP or behind a server/firewall) the speeds and number of connections can be increased.

    There should be a very good antivirus and antispy running on the PC when P2P is taking place and these should have protected the PC. Consider some HIPS such as SSM in the "Block everything" Mode (after things are properly setup, of course). This will block any install or any possible change. Plus complete logs and records are created to show the PC is clean or help in tracing malware. Even the freeware will do an adequate job.

    http://www.syssafety.com/files.html

    You could sleep very well with this application running on the actively nocturnal PC doing internet activities.

    There is a chance there are no infections, but to be sure please update and run all your security applications. Some online scans with the IE (they use ActiveX) would be highly recommended.

    http://www.bitdefender.com/scan8/ie.html

    http://www.ewido.net/en/onlinescan/

    http://housecall.trendmicro.com/

    Three freeware on-demand scanners. These are fair to good in performance and they have no running processes before they are started and have no running process after they are finished.

    http://www.lavasoftusa.com/products/...e_personal.php

    http://www.superantispyware.com/

    http://www.emsisoft.com/en/software/free/

    This should cover the entire field of viri, worms, trojans, BHO, adware, some rootkits, CWS, cookies and various spyware.

    Another thing to consider for enhancing the P2P security is to use either Peer Guardian or Protowall. Either one can be used in conjunction with a software firewall. There are some that have issues, but the ZA does work well with either one of these site blockers. Almost every P2P user will claim there are numerous sites blocked every time with the Peer Guardian or Protowall. Plus not just P2P, but trojan, spyware, edu, government and various other lists are available. I use this and an additional homemade list of BLDNS and the total number of sites in the list is over 1.6 billion. The following are all freeware.

    http://www.bluetack.co.uk/modules.ph...howpage&pid=13

    Check out the dropdown in the List to Use. These can be even added by notepad to the ipfilter list>

    http://www.bluetack.co.uk/converter/index.php

    http://phoenixlabs.org/pg2/

    http://wiki.phoenixlabs.org/wiki/PeerGuardian_2:Manual

    and of course>

    http://test.blocklist.org/

    Also see>

    http://pgl.yoyo.org/as/

    for adserver lists for either Opera or host lists.

    And see>

    http://www.malware.com.br/

    for adserver lists for either FireFox or host lists.

    And see>

    http://www.bluetack.co.uk/forums/ind...etails&f_id=25

    for a large host list. Please remember to set the DNS Client service to manual and reboot before attempting to add these host filters to the host list. Some users claim there are limits to the size of a host list, but workable sizes of 3 to 5 meg are not unheard of.

    Oldsod

    Message Edited by Oldsod on 12-21-2006 02:38 PM
    Best regards.
    oldsod
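
Added example, not part of the original post or of any of the linked projects: before pasting downloaded host lists into the hosts file as described above, it is worth merging and checking them, because a hosts entry that maps a name to anything other than a sink address redirects traffic instead of blocking it. The feeds, names and the `merge_host_lists` helper below are constructed for illustration.

```python
import re

# Constructed sample feeds; real lists come from the sites linked in the post.
FEED_A = """\
# constructed ad-server list
127.0.0.1 ads.example.com
127.0.0.1  tracker.example.net   # inline comment
0.0.0.0 ADS.example.com
127.0.0.1 localhost
"""
FEED_B = """\
bad host name!
127.0.0.1 malware.example.org
10.1.2.3 redirect.example.com
127.0.0.1 tracker.example.net
"""

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
SINK_ADDRS = {"127.0.0.1", "0.0.0.0"}          # addresses that only block
PROTECTED = {"localhost", "localhost.localdomain", "broadcasthost"}

def valid_hostname(name):
    labels = name.split(".")
    return len(name) <= 253 and len(labels) > 1 and all(LABEL.match(l) for l in labels)

def merge_host_lists(*feeds, sink="127.0.0.1"):
    """Return (hosts_text, rejected): a deduplicated blocking hosts body
    and the raw lines that were refused."""
    seen, rejected = set(), []
    for feed in feeds:
        for raw in feed.splitlines():
            line = raw.split("#", 1)[0].strip()    # drop comments
            if not line:
                continue
            parts = line.split()
            # Accept only "<sink address> <hostname>"; a name mapped to any
            # other address is a redirect, not a block, and is refused.
            if len(parts) != 2 or parts[0] not in SINK_ADDRS:
                rejected.append(raw)
                continue
            host = parts[1].lower().rstrip(".")
            if host in PROTECTED:                  # never touch local names
                continue
            if not valid_hostname(host):
                rejected.append(raw)
                continue
            seen.add(host)
    body = "".join(f"{sink} {h}\n" for h in sorted(seen))
    return body, rejected
```

`len(body.encode())` gives the size of the merged list, which can be compared with the 3 to 5 meg figure mentioned in the post.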

  4. #4
    supah Guest

    Re: What are the chances that my pc is a zombie after ZAPro crashes?

    Hi Oldsod,
    Thank you for your advice and tips. As always it's useful and very helpful. I'm still a little ticked off at the fact that my question was edited in a way that it was 'critique-free'. Last time I checked, this was still a free country right?
    But to stay on subject: Thanx for the online scanners and the tip to use a siteblocker. I'm just worried that even if my pc is trojan/worm/virus free that the fact that if it's a zombie will be hard to find out. But your tip is to check the logs and records to see if any changes were made on the night in question.
    BTW: what do you mean with: "Consider some HIPS such as SSM in the "Block everything" Mode (after things are properly setup, of course). This will block any install or any possible change."?? Is this a feature in ZAPro?
    Again, thanx for the help.

  5. #5
    Join Date: Mar 2004 | Location: Brisbane, Australia | Posts: 645

    Re: What are the chances that my pc is a zombie after ZAPro crashes?

    supah wrote:
    "... I'm still a little ticked off at the fact that my question was edited in a way that it was 'critique-free'. Last time I checked, this was still a free country right?"


    To the contrary. It is an International forum paid for by a company and with strict posting rules. Criticism is welcomed but not when accompanied by language that is not acceptable. If you can't or don't want to abide by the rules, your post will be edited or deleted and you could find yourself banned.

  6. #6
    Join Date: Dec 2005 | Posts: 9,056

    Re: What are the chances that my pc is a zombie after ZAPro crashes?

    The ZA OS Firewall is a good and easy to use HIPS, but there is no setting to block any new processes. The freeware SSM does have this feature in the Program Behaviour- the user interface is disconnected and the "block everything (paranoiac setting)" is chosen. Version 2.0.9.583 is the one I am using.


    Oldsod
    Best regards.
    oldsod

  7. #7
    supah Guest

    Re: What are the chances that my pc is a zombie after ZAPro crashes?

    Again, no foul language was used. I tried to explain this, but again my reply was deleted. But okay, have it your way:
    Version 6.5.737.000, it too is an honorable version.
    All hail to Zonelabs for the best product in the world. Version 6.5.373.000 is the best ever!! Boo to all who think it's not a good product. They are bad, bad, bad.
    Version 6.5.737.000, it too is an honorable version.
    It's good to know that paying customers are treated like kings, as they should.
    Version 6.5.737.000, it too is an honorable version.
