'm the type of guy that always wants to know what his system is up to.
Yesterday, while running " TCP View " I noticed that vsmon.exe keep poping
up and wanted to connect to the Internest every few seconds. I am aware that
vsmon.exe is related to ZoneAlarm which is installed. If I'm correct it's ZoneAlarm's
Internet Monitoring Service. I'm really concerned because it's never shown this kinda
behavior before. In "TCP View" it pops up for a second or two then turns red and disappears.
I guess you could say it's opening up a connection long enought to ping something.
Now I can only see this action in " TCP View ", I'm not getting any alert from ZA at all.
Here is what " TCP View " shows.
It's always port 1696 but the 1285 part changes.
Could someone please tell me what this means and what to do.
I've ran a virus scan (NOD32)
I've also ran Ad Aware, Spybot, and Defender
All these turned up empty.
I understand PC's a bit but nothing as technical as ports disabling ect.
I'm runnning as a Limited user on purpose so stuff like this can't happen but
I guess that didn't matter. I'm thinking I could have been hit by one of those
new Zero day exploits but who knows. I did miss a day of patches, I just Patched
my PC yesterday with those new Security Updates. Most of these sites I go to are
well known but there are a few I know that the admin may not keep his security patches
for his server up to date. The last thing I want to do is polute the internet with another
bot net drone.
Windows XP Pro ( Service Pack 2 )
All current Patches
FireFox with No Script extension.
Thanks guys, I really need your help ........
Operating System:Windows XP Pro
Product Name:ZoneAlarm (Free)