Like so many people recently, I found one PC on our network (with latest updates of XP Pro & ZAV) seriously sick: failing to update and locking up all over the place.
The solution turned out to be deleting ZAV and reinstalling.
By "deleting" I mean ruthlessly expunging every trace of ZA in files and the registry.
Less brutal solutions repeatedly recommended elsewhere in this forum did not work.
An unexpected bonus was that ZA hides its licence key so well that I did not need to type it in again!
Maybe I can save other people losing several working days by passing on a few lessons learned:
The root cause of the problem is still a mystery.
For a while I suspected that ZA had reached the point (as happens eventually to most smallish IT firms) of losing the battle against bigger badder guys, and it had simply shipped some dodgy versions.
Then I worried about various "expert" programs (e.g. UltraVNC, Virtual PC, remote camera viewer) loaded, or changes to our network.
Finally, however, I cannot improve on pointing out that ZAV will not update while Microsoft is updating, and maybe recent big MS updates put ZA off its stride.
Also ZA may not have correctly recognised all computers on our network as being in the trusted zone.
ZA's firewall blocked and logged multiple attempts to send packets out to a bizarre address that implied some process was trying to communicate without my permission.
(ZA staff need to work on the on-screen display and documentation of "Destination DNS".)
Much time-consuming scanning revealed no malware.
Free products that I like include Sophos's rootkit detector, plus of course AdAware and Spybot.
Trend's Housecall gave a false positive on some contents of my HOSTS file!
The key tool was ZTREE, a wonderful program that lets you list all the files on a drive by time of creation, so I could examine all files created around the time of ZA's firewall logs of the outgoing packets.
The answer turned out to be that a remote Internet address had been added to my Network Neighbourhood.
Heaven knows what key I had accidentally pressed to do that.
Mercifully I was spared the ultimate clean-up process if my PC had been cleverly rootkitted: to take out its hard drive and slave it on another PC, malware-scan it there, and then overwrite files in its Windows and System32 directories.
Only if that failed would reformatting and reloading Windows have been needed.
Operating System: Windows XP Pro
Product Name: ZoneAlarm Antivirus