Results 1 to 6 of 6

Thread: explorer.exe attempts to filewrite zlclient.exe

  1. #1
    orangeblossom Guest

    Default explorer.exe attempts to filewrite zlclient.exe

    OS: Windows XP Home SP2
    ZoneAlarm Security Suite 6.5.722.000

    Stand-alone computer: internet connection via dial-up using password: no proxy connections allowed.

    Every time I start up my computer, explorer.exe attempts twice to file write: here is the info. from the log from when I started up on Aug. 5.

    OSFW 2006/08/05 09:58:56 -4:00 GMT BLOCKED Windows Explorer C:\WINDOWS\explorer.exe FILE WRITE SRC ZLDIR\zlclient.exe
    OSFW 2006/08/05 09:58:56 -4:00 GMT BLOCKED Windows Explorer C:\WINDOWS\explorer.exe FILE WRITE SRC ZLDIR\zlclient.exe

    I have checked explorer.exe with JottiScan, FortiGuard, and scanned with ZoneAlarm, Edwido, SpyBot, and Ad-Aware SE in safe mode. None of them find anything.

    Here are the MD5 and Checksum numbers from the tech. info. page that I got when I clicked on "more information"

    Program MD5 a0732187050030ae399b241436565e64 The MD5 hash, or number, that uniquely identifies the executable.

    Smart Checksum 914e0a8ba776d336d75ff1e236b15833 The SKIMP hash, or number, that uniquely identifies the executable.

    and the specific file path:

    Filename C:\WINDOWS\explorer.exe

    I've checked the MD5 number with ProgramChecker, and it appears to be legitimate.

    Is this something going on that shouldn't be? Is it a weird sort of program conflict? Or do I need to adjust my settings?

    Orange Blossom

    Operating System:Windows XP Home Edition
    Product Name:ZoneAlarm Internet Security Suite
    Software Version:6.5

  2. #2
    muffincharizard Guest

    Default Re: explorer.exe attempts to filewrite zlclient.exe

    That definately isn't normal. Have you had any alerts recently about exploer changing? Has this just been continuously happening since the fifth of August?

  3. #3
    orangeblossom Guest

    Default Re: explorer.exe attempts to filewrite zlclient.exe

    I'll have to go back through my logs to find the specific date when this first happened. I'll post back when I find out. I'm at a different computer right now. I know it wasn't happening when I first installed ZoneAlarm in July of this year. I'm not aware of any changes to Windows Explorerer other than those caused by any Windows Updates and afew programs I installed, one of which I have since uninstalled. There were some infection items removed recently: a trojan, a worm, and some virus files: the latter attached to one of my mail accounts. I can post the logs if they will help solve this mystery.I have done several things to see what the cause might be. You might want to take a look at this thread at Bleeping Computer as I list several things I have tried there. http://www.bleepingcomputer.com/forums/topic62169.htmlOrange Blossom

  4. #4
    muffincharizard Guest

    Default Re: explorer.exe attempts to filewrite zlclient.exe

    Chances are you are still infected or explorer has remained modified. I would continue to search for viruses.

  5. #5
    orangeblossom Guest

    Default Re: explorer.exe attempts to filewrite zlclient.exe

    I've scanned many products, and none of them find anything: I've just completed scanning with SpyBot, Ad-Aware, Edwido, and ZoneAlarm in Safe Mode - all clean. I've had JottiScan and whatever it was (read the topic in the link in my last post) scan explorer.exe and they cannot find anything wrong with it: the MD5 number is legitimate also. ProgramChecker cannot find anything wrong with explorer.exe My HiJack This log is clean as well. McAfee Sting never did find anything. Blacklight Root Detector didn't find anything. Panda On-line and Bit-Defender on-line also come up clean. I'm really at a total loss here. I'm tempted to uninstall and reinstall ZoneAlarm it at this point.

    Orange Blossom

  6. #6
    orangeblossom Guest

    Default Re: explorer.exe attempts to filewrite zlclient.exe

    Update: The Bleeping computer staff and I have essentially gone over my computer with a fine tooth comb. There is NO infection on my computer, and investigation of explorer.exe does not show any abnormalities. I actually did uninstall and completely delete ZoneAlarm and then reinstalled it, and the problem persists.

    The attempted file writes by what ZoneAlarm identifies as explorer.exe date from at least Aug. 4, prior to my latest Windows update on Aug. 9. These attempted file writes occur every time I start-up, or if I have logged out of the account, it occurs when I log back in. There are two attempts, that are either simultaneous or so close that the reported time is the same, that occur every time.

    Theories:

    1)The program responsible for the attempted filewrites is misidentified by ZoneAlarm. I have this theory for two reasons: 1: there seems to be nothing wrong with explorer.exe and 2: because ZoneAlarm misidentifies the source of attempted filewrites by Panda On-Line scanner as Internet Explorer.

    2)Something in my computer settings needs to be changed. If I knew exactly WHAT the program in question wanted ZoneAlarm to do, I would have a better idea of just what is going on.

    Orange Blossom

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •