In ZoneAlarm Security Suite 7.0.483, since I could not get any of the newer versions (v8 and Extreme) to work:
While testing a site which had sent spam / scam to a friend, ZoneAlarm blocked an attempt to install a spy program or whatever. In the system tray alert I got a fast message telling me that. The message was so fast that I could hardly read it anyway. The spy site blocking alerts logged the site twice and I got the corresponding IP via the lookup facility of ZA at the Firewall/Zones section. The IP returned by the lookup is 18.104.22.168. I set this IP in the blocked zone.
I ran the ZASS spyware and antivirus facilities and got nothing (everything apparently clean). Then I ran tfsbl.exe (rootkit detector and eraser): nothing found; everything clean. In the meantime ProcessGuard was also running, which, supposedly, prevents any installation of rootkits and drivers and also prevents any modification of any program. I finally ran sfc /scannow to restore the original XP-SP3 Windows protected files.
But today, I discovered in the ZASS Alert & Logs / Log viewer several attempts by Firefox, Outlook and Mantispm.exe to make outgoing connections to the IP 22.214.171.124:53, blocked by ZASS. Since I clean the logs every 48 hours I could only discover attempts from yesterday (May 27) and today (May 28). Thirty (30) attempts in total.
This time I also put the IPs in my hardware firewall (router).
Today I ran the ZA Spyware and nothing was detected.
Moreover, right now the ZASS spy blocker has logged another two attempts on my system from two differently named sites, but with the same IP (126.96.36.199). Again I have put both, names and IPs, in the ZA blocked zone and in the hardware firewall (router).
After this, I downloaded the Trojan Hunter trial version. Trojan Hunter has detected several versions of (Agent.2008) in different locations, which might be false positives (?). The THunter report was:
Found trojan file: C:\hp\bin\AUTOTKIT.EXE (Agent.2088)
Found trojan file: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoTBar.exe (Agent.2088)
Found trojan file: C:\hp\EXPLOREBAR\AUTOTKIT.EXE (Agent.2088)
Found trojan file: C:\Program Files\RBW Platinum And Butterfly Desktop\MouseHook.dll (TrojanDownloader.Agent.3105)
How many of these are known to be false positives in TH, since ZASS does not detect them?
So, my questions are:
What could be going on?
Is there any free trojan cleaner?
By the way, I am still on ZASS v7 since I could not upgrade to Extreme despite having 150 days of extended download left. As soon as I try to upgrade, my system freezes, and I have tried more than twenty times with both version 8 and v8 Extreme. I followed everything advised in the forum, but no way. Is there anything new to let me upgrade?
(Sorry for so many edits, I did not want to lose the connection. I have sent the message several times while trying to explain the situation as clearly as possible. I beg your pardon.)
Message Edited by ems on 05-28-2009 05:54 AM