
Thread: Malware: vsmon.exe

  1. #1
    orbital Guest

    Malware: vsmon.exe

    I'm the type of guy that always wants to know what his system is up to.
    Yesterday, while running "TCP View" I noticed that vsmon.exe keeps popping
    up and wanted to connect to the Internet every few seconds. I am aware that
    vsmon.exe is related to ZoneAlarm which is installed. If I'm correct it's ZoneAlarm's
    Internet Monitoring Service. I'm really concerned because it's never shown this kinda
    behavior before. In "TCP View" it pops up for a second or two then turns red and disappears.
    I guess you could say it's opening up a connection long enough to ping something.
    Now I can only see this action in "TCP View", I'm not getting any alert from ZA at all.


    Here is what " TCP View " shows.

    vsmon.exe:1696_____UDP_____ComputerName:1285_____* .*

    It's always port 1696 but the 1285 part changes.

    Could someone please tell me what this means and what to do.

    I've run a virus scan (NOD32)
    I've also run Ad Aware, Spybot, and Defender
    All these turned up empty.

    I understand PCs a bit but nothing as technical as ports disabling etc.

    I'm running as a Limited user on purpose so stuff like this can't happen but
    I guess that didn't matter. I'm thinking I could have been hit by one of those
    new Zero day exploits but who knows. I did miss a day of patches, I just Patched
    my PC yesterday with those new Security Updates. Most of these sites I go to are
    well known but there are a few I know that the admin may not keep his security patches
    for his server up to date. The last thing I want to do is pollute the internet with another
    bot net drone.

    My System:
    Windows XP Pro ( Service Pack 2 )
    All current Patches
    FireFox with No Script extension.

    Thanks guys, I really need your help ........

    Orbital

    Operating System:Windows XP Pro
    Product Name:ZoneAlarm (Free)
    Software Version:5.x

  2. #2
    pairofhearts Guest

    Re: Malware: vsmon.exe

    TrueVector Service - VSMON.EXE

    Copyright
    2001, Zone Labs Inc.

    VSMON.EXE is the executable for TrueVector. It installs with the ZoneAlarm and ZoneAlarm Pro Internet Firewall software by ZoneLabs. It enforces the security rules you set up when you installed Zone Alarm. It may display as "True Vector" in your task list.

    This file may also appear as VSMON.EXE -SERVICE. The -SERVICE switch runs TrueVector as a service on startup. It will continue to run until you shutdown your computer or end the service in the Services Manager. If you run ZoneAlarm, you must leave this file in place. ZoneAlarm won't run properly without it.

    Safe
    Recommended

  3. #3
    orbital Guest

    Re: Malware: vsmon.exe

    pairofhearts,
    Thanks for the reply.....

    I was sure that vsmon.exe went with ZoneAlarm but I'm not sure if what
    it's currently doing is normal. In the past when I ran "TCP View" vsmon.exe
    wasn't showing this kinda behavior. It didn't appear in tcp view for a second
    connect then disconnect and disappear. This leads me to believe that it's doing
    something it shouldn't. Is there any malware or viruses that modify vsmon.exe?

    I'm running ZA Free version: 5.1.011.000
    True Vector Engine version: 5.1.011.000

    Is ZoneAlarm ( vsmon.exe ) supposed to connect to the net every 16 seconds or so?

    When you run tcp view do you get these results?

    vsmon.exe:1696_____UDP_____ComputerName:1285_____* .*

    It's always port 1696 but the 1285 part changes.


    If my Anti-virus and Anti-Spyware programs don't see anything
    what should I do?

    Would you recommend that I run some online scanners?

    I'm going to take a look to see if VSmon.exe is in the right location
    and see if those false reg keys have been added. That will clear
    up at least one option it could be.

    I just really don't know what to do. I really don't want to format.
    Just want to find other options you know......

    orbital

    Message Edited by Orbital on 04-13-2007 07:29 AM
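
As an added example (not part of the original thread, and not ZoneAlarm or Sysinternals code): in TCPView's process column the number after the colon is the process ID, so in the line quoted above 1696 is the PID of vsmon.exe, 1285 is the local UDP port, and the wildcard in the last column means no remote endpoint is recorded for the socket. The sketch below parses rows in that layout and groups the local ports seen per process; only the first sample line comes from the post, the others are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# First line is the one quoted in the thread; the rest are constructed.
SAMPLE = """\
vsmon.exe:1696_____UDP_____ComputerName:1285_____* .*
vsmon.exe:1696_____UDP_____ComputerName:1286_____* .*
vsmon.exe:1696_____UDP_____ComputerName:1290_____* .*
firefox.exe:2040_____TCP_____ComputerName:1301_____192.0.2.10:80_____ESTABLISHED
"""

WILDCARDS = {"*.*", "*:*"}  # remote column of a socket with no peer recorded


def parse_line(line):
    """Split one row into process image, PID, protocol, local port, remote."""
    # Columns are separated by tabs, runs of spaces, or (as pasted) underscores.
    fields = [f.strip() for f in re.split(r"_{2,}|\s{2,}|\t", line.strip()) if f.strip()]
    if len(fields) < 4:
        return None
    image, _, pid = fields[0].rpartition(":")      # "vsmon.exe:1696" -> PID 1696
    _host, _, lport = fields[2].rpartition(":")    # "ComputerName:1285" -> port 1285
    if not (image and pid.isdigit() and lport.isdigit()):
        return None
    return {"image": image.lower(), "pid": int(pid), "proto": fields[1].upper(),
            "local_port": int(lport), "remote": fields[3].replace(" ", "")}


def summarize(text):
    """Group rows by (image, pid, proto) and collect the local ports seen."""
    groups = defaultdict(lambda: {"ports": set(), "remotes": set()})
    for line in text.splitlines():
        row = parse_line(line)
        if row:
            g = groups[(row["image"], row["pid"], row["proto"])]
            g["ports"].add(row["local_port"])
            g["remotes"].add(row["remote"])
    return {k: {"local_ports": sorted(v["ports"]),
                "unconnected": v["remotes"] <= WILDCARDS}
            for k, v in groups.items()}


def churning_udp(summary):
    """Processes that opened several distinct unconnected UDP sockets."""
    return sorted(k[:2] for k, v in summary.items()
                  if k[2] == "UDP" and v["unconnected"] and len(v["local_ports"]) > 1)


if __name__ == "__main__":
    for key, info in summarize(SAMPLE).items():
        print(key, info)
    print("UDP churn:", churning_udp(summarize(SAMPLE)))
```

A constant PID with a changing local port is one process opening a new short-lived UDP socket each time; what it sends and to whom needs a packet capture or the firewall's own log, since the wildcard column does not show it.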

  4. #4
    pairofhearts Guest

    Re: Malware: vsmon.exe

    I would doubt it is Malware or virus, however that being said, my TCP view shows it to be listening only. I do have

    ZoneAlarm Pro version:7.0.337.000
    TrueVector version:7.0.337.000
    Driver version:7.0.337.000
    Anti-spyware engine version:5.0.162.0
    Anti-spyware signature DAT file version:01.200704.1385

    sooooo don't know if it makes a difference. I would contact tech support unless there is someone more knowledgeable following this thread.

    For customer support please read:
    http://forums.zonealarm.com/zonelabs...message.id=132

  5. #5
    m_mitchum Guest

    Re: Malware: vsmon.exe

    Hello Orbital!
    You are not the only one. Look at this:
    Oh the same...
    http://forums.windrivers.com/showthread.php?t=74429
    See more:
    Is your firewall spying on you?
    http://www.theinquirer.net/default.aspx?article=29157
    Best regards,
    mitchum
    *** E-mail removed: please read Forum Guidelines, e-mail not allowed.***

    Message Edited by fax on 04-16-2007 01:42 AM

  6. #6
    thingie Guest

    Re: Malware: vsmon.exe

    Hey, I noticed some weird vsmon stuff, too, after I upgraded to the newest version of zone alarm. In the previous version, I could see that vsmon.exe was always up and listening via TCPView. When I upgraded, vsmon would only pop up every so often (I believe when there was a portscan or "intrusion attempt".) But otherwise it was off the map. However, when I checked in task manager, it was constantly running. I am wondering if maybe this is simply a change in implementation on ZA's part regarding this?

  7. #7
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,283

    Re: Malware: vsmon.exe

    This is very OLD news and ZA already fixed it... You can disable communication with ZA if you want, but you will weaken your security and render your ZA useless. If you do not trust your main security tool, better to move to something you feel comfortable with.
    http://download.zonelabs.com/bin/fre...005/pr_22.html
    As a general recommendation, always use the latest ZA version (if you can).
    Vsmon is the main firewall 'engine', it is always ON and listed as a process in Windows task manager (processes).
    Fax

    Message Edited by fax on 04-17-2007 06:37 AM

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  8. #8
    orbital Guest

    Re: Malware: vsmon.exe

    Hey,
    I noticed some posts about a known problem with ZoneAlarm communicating out to its servers.
    Well, here's the deal. I have a very old version of ZA ( Free Version ) and it doesn't have
    those features ( anti-virus ) ( Spam Blocker ) etc. I turned off auto update years ago
    and have never updated it. I'll be honest, the reason I never updated it was that I heard
    that they put some type of Nagware into the program and a Buy the Pro Version would pop
    up every so often. I have other security measures in place: Router, NOD32, Defender, Ad Aware, Spybot.
    Host file is locked, Running in Limited User mode, file sharing is turned off, etc.
    The version I have doesn't have the Smart Defense..... and other features.

  9. #9
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,283

    Re: Malware: vsmon.exe

    Hi!
    Vulnerabilities are discovered all the time and fixed with latest releases. Some vulnerabilities are published, others not, so, in principle, running old versions could be a risk.
    For example, see this one: http://www.matousec.com/info/advisor...-functions.php
    It could also affect older versions...
    But if you are not concerned with possible vulnerabilities and your 5.X is working well, there is no reason to change firewall. There are many users here still on 6.1, 6.5, 5.5, etc...
    Nagware? Well, IMHO better to have an updated product (even not from ZA) than an old version of ZA because you are afraid of Nagware... in any case ZAfree 7 is causing a lot of problems for users since it is embedding ZASS in it. Maybe future updates will improve the situation. But I have the impression that ZA is moving away from the free deal (there are many free firewalls out there) and concentrating on retail versions. So... not sure what to suggest :8}
    Cheers,
    Fax


  10. #10
    orbital Guest

    Re: Malware: vsmon.exe

    Yeah, I agree with what you stated. It's always good to have
    an updated / Patched product. I should have been doing that.
    I keep everything else patched such as XP and other software.
    I was just told that upgrading ZA would insert that buy Pro box
    that pops up every 3 weeks. I guess it's better to have that box
    than some Malware or virus. By the way, since I've never updated
    will it upgrade me to version 7 or just patch my version 5?

    You stated that ZA may be leaning away from the free
    version of their free firewall. Have you tried **bleep**? Steve Gibson and
    Leo Laporte are always pushing that Firewall and stating to stay clear
    of ZA. Just wondering if you've had any thoughts on **bleep**.

    I'll be honest, I do my best ( usually ) to lock my system down
    but more and more I'm thinking about moving to Linux. Pretty much
    all my software is open source anyways and Ubuntu has gotten to the point
    where it's extremely easy to use.
