
Thread: zlclient.exe phoning home to www.volny.cz / 212.20.96.20:53 ?

  1. #1
    mikemars Guest

    zlclient.exe phoning home to www.volny.cz / 212.20.96.20:53 ?

    Hi, Noticed the following entry in the program logs, roughly at daily intervals:

    Rating: 'high'
    Type: repeat program
    Program: e:\program files\Zone Labs\ZoneAlarm\zlclient.exe
    Direction: outgoing connection
    Destination: www.volny.cz, IP 212.20.96.20:53

    Rating: 'High'
    Type: repeat program
    Program: e:\program files\Zone Labs\ZoneAlarm\zlclient.exe
    Outgoing
    Destination: keywordmax.com, IP 207.67.50.20:53

    Also noticed that my antivirus update has been timing out, so I wonder if it's been messed up somehow?

    Operating System: Windows XP Pro
    Product Name: ZoneAlarm Internet Security Suite
    Software Version: 6.5

  2. #2
    Join Date: Dec 2005, Posts: 9,057

    Re: zlclient.exe phoning home to www.volny.cz / 212.20.96.20:53 ?

    Hi
    Try some online scans from

    bitdefender.com
    housecalls from trendmicro.com

    and either the online scan from ewido.net or just download and install the shareware that will turn into a permanent freeware software.

    Please use the IE6 browser for these tasks since they rely on ActiveX to perform the online scans. If they do find something (and they will remove the possible malware), it is very advisable to follow this up with a HJT. HJT or HiJackThis is an excellent tool. Please sign up and post the HJT log results in a forum such as spywarewarrior or castlecops. The HJT experts in the security forums will give a correct solution to remove and repair the problem (for free as well, no charge!). If your scans came clean from the scan sites and you still feel unsure about the possible compromised PC security, then do not hesitate and go ahead and do the HJT anyways.

    If the scans come clean and the HJT is clean, then I suggest a correction in the ZA database. Please follow Guru Bill's procedure:

    http://forum.zonelabs.org/zonelabs/b...ssage.id=35896

    TTYL

    Oldsod
    Best regards.
    oldsod

  3. #3
    billc Guest

    Re: zlclient.exe phoning home to www.volny.cz / 212.20.96.20:53 ?

    It is never a bad idea to do scans as Oldsod suggests, but I think this is very normal behavior by Zone Alarm. The port for each of the IPs you post is used for DNS Service to convert between URLs and IP Addresses. Zone Alarm's zlclient.exe will access DNS Services to provide the 'additional' information you can get in your Alerts & Logs by right clicking on an entry. It turns out that your firewall accesses this information even if you do not request it. I think you're ok and need not worry.
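
Added example (not part of any post in this thread): Python code that parses alert entries in the field layout quoted in post #1 and lists each program's outbound port-53 destinations, marking whether each one is among the host's configured DNS resolvers. The sample text is constructed from the values in post #1; `CONFIGURED_RESOLVERS`, its placeholder address and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the field layout quoted in post #1 (values from that post).
SAMPLE_LOG = r"""
Rating: 'high'
Type: repeat program
Program: e:\program files\Zone Labs\ZoneAlarm\zlclient.exe
Direction: outgoing connection
Destination: www.volny.cz, IP 212.20.96.20:53

Rating: 'High'
Type: repeat program
Program: e:\program files\Zone Labs\ZoneAlarm\zlclient.exe
Outgoing
Destination: keywordmax.com, IP 207.67.50.20:53
"""

# Assumption: resolvers this host is configured to use (placeholder, documentation range).
CONFIGURED_RESOLVERS = {"192.0.2.53"}

DEST_RE = re.compile(r"Destination:\s*(?P<name>[^,]+),\s*IP\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)")

def parse_entries(text):
    """Split the log on blank lines and return one dict per entry."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        prog = re.search(r"Program:\s*(.+)", block)
        dest = DEST_RE.search(block)
        if not (prog and dest):
            continue  # skip blocks missing the fields we key on
        entries.append({"program": prog.group(1).strip().lower(),
                        "name": dest.group("name").strip(), "ip": dest.group("ip"),
                        "port": int(dest.group("port")),
                        "outgoing": bool(re.search(r"outgoing", block, re.I))})
    return entries

def triage_dns(entries, resolvers):
    """Group outbound port-53 destinations per program; mark those not in resolvers."""
    report = defaultdict(list)
    for e in entries:
        if e["outgoing"] and e["port"] == 53:
            status = "configured resolver" if e["ip"] in resolvers else "other DNS server"
            report[e["program"]].append((e["ip"], e["name"], status))
    return dict(report)

if __name__ == "__main__":
    for program, dests in triage_dns(parse_entries(SAMPLE_LOG), CONFIGURED_RESOLVERS).items():
        print(program, dests)
```

A destination marked "other DNS server" is only a prompt to compare it with the resolvers the host is actually set to use; it is not a verdict on the traffic.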

  4. #4
    mikemars Guest

    Re: zlclient.exe phoning home to www.volny.cz / 212.20.96.20:53 ?

    Thanks for that, I'm about half way through the tests suggested. I did get some matches, tracking cookies, one I'm pretty sure is a false positive (cvs_nt version 2.5.0.something's .msi installer), and one an old version of Kazaa. Since I don't use any of the software involved I deleted them anyway.

    I may uninstall/reinstall ZA-SS to see if that resolves the antivirus update issue.

    ZLClient.exe is 968,696 bytes in size, modified date 18/6/2006 17:54, created date 30/3/2006 00:15:29, signed by 'Check Point Software Technologies Inc.' on 19/6/2006 01:54:46. I'm sure that these will be the correct details for 6.5.722.0, but if someone could confirm that, it would be handy :-)
