Results 1 to 5 of 5

Thread: C:Program Files\Zone Labs\Zone Alarm\zlclient.exe Destination DNS is www.beerliquors.com

  1. #1
    trinitron Guest

    Default C:Program Files\Zone Labs\Zone Alarm\zlclient.exe Destination DNS is www.beerliquors.com

    I've looked at my 'Alerts and Logs' page and found that program C:Program Files\Zone Labs\Zone Alarm\zlclient.exe made an outgoing (connect0 which was Allowed/Auto to Destination DNS of www.beerliquors.com.Other connection by this program are a26.ms.akamai and cm2.zonelabs.com. I can understand the last one is it OK to be connecting to www.beerliquors.com. I had never been on this website, but since spotting this in the log, I had a look and it sell beer and liquor.
    Have I got a problem?
    Thanks

    Operating System:Windows XP Home Edition
    Product Name:ZoneAlarm (Free)
    Software Version:6.5

  2. #2
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: C:Program Files\Zone Labs\Zone Alarm\zlclient.exe Destination DNS is www.beerliquors.com

    Hi

    Block this in the ZA's Zones of the Firewall. Use 72.22.92.33 for the IP of the beerliquor.com

    Just as an interest, does the Generic Host Process have server rights for the Trusted Zone and are the localhost, DNS, DHCP and the gateway addresses included in the Zones as Trusted?

    Oldsod
    Best regards.
    oldsod

  3. #3
    trinitron Guest

    Default Re: C:Program Files\Zone Labs\Zone Alarm\zlclient.exe Destination DNS is www.beerliquors.com

    Thanks for the swift response.I'm afraid I don't fully understand your instruction as I'm a bit (well alot) of a novice - sorry, a bit of hand holding required.I've gone into firewall/zones and selected add/IP address. The only option it gave was to add to my trusted zone. Also, are you saying block 'C:Program Files\Zone Labs\Zone Alarm\zlclient.exe' and/or 'www.beerliquors.com'.Are there any other addresses I should 'block'.
    Looking in the 'Program Control' area:-'Generic Host Process for Win32 Services' is set as follows:Access - Trusted = Tick, Internet = TickServer - Trusted = Tick, Internet = X
    localhost, DNS, DHCP and the gateway addresses
    'Application Layer Gateway Service' is all set to ? (is this the 'gateway addresses' you mention?).
    I can't find any listing that looks like 'localhost', 'DNS' or 'DHCP'.
    Am I looking in the correct place? Is there anyting else I should be looking for?
    Another 'strange' (to a novice!!) entry in the Alerts & Logs is C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe Allowed Outgoing (connect) to Destination DNS 'www.bikeforall.net'. Is this OK.There are other connections which may also be suspect, but these stand out as bikes and beer don't seem to have anything to do with the 'programs'.
    Hope this helps.I have avg free, spybot, adaware and windows defender running. They all say I'm clean.Have I got a problem and is there a way to reset all the Zone Alarm defaults.
    Again, thanks for your time.
    Trinitron

  4. #4
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: C:Program Files\Zone Labs\Zone Alarm\zlclient.exe Destination DNS is www.beerliquors.com

    Hi

    "Block this in the ZA's Zones of the Firewall. Use 72.22.92.33 for the IP of the beerliquor.com"

    Use the dropdown in the ZA and do not select the Trust. Use block.

    Foolow the page from Guru Hoov and this will help explain things>

    http://www.donhoover.net/dnsdhcp.html

    The DNS servers, DHCP, loopback and possible gateway have to be manually added. They must be listed as Trusted.

    The Generic Host Process looks OK.

    We can remove the ZA database, but you will have to keep in mind hwar we just did or will do to set it up properly. The ZA will be completely clean and the steps we are going over will have to be repeated.

    To clean the ZA database>

    Boot your computer into the Safe Mode

    Navigate to the c:\windows\internet logs folder

    Delete the backup.rdb and iamdb.rdb files in the folder

    Clean the Recycle Bin

    Reboot into the normal mode

    ZA will be just like new with no previous settings or data


    Now after the reboot, use the Remember and Allow in the ZA popups.

    Then do the ipconfig /all in the command and add the DNS server(s), DHCP, gateway and loopback (127.0.0.1) manually amd listed as Trusted in the Zones of the Firewall of the ZA.

    Then set the Generic Host Process properly.

    How are we doing? Fid I go to fast? Hey I understand that this all seems like a foreign language, but just bear with me and we can get this all fixed up.

    Spybot and the ZA going to strange places actually could be legitimate. I will give you some links to do some free online scans to check to make sure there are no trojans or malware still bypassing your PC scanners. Please use the IE for these scans because they all need the activeX to work>

    http://www.bitdefender.com/scan/license.php

    http://www.ewido.net/en/onlinescan/

    http://www.microsoft.com/security/ma...e/default.mspx

    http://www.trendmicro.com/spyware-scan/

    http://us.mcafee.com/root/mfs/default.asp

    Please, if I missed any steps in the instructions then we can go into more details and depth.

    Oldsod
    Best regards.
    oldsod

  5. #5
    trinitron Guest

    Default Re: C:Program Files\Zone Labs\Zone Alarm\zlclient.exe Destination DNS is www.beerliquors.com

    I'll run some of the scanners you list, but I'm afriad I don't understand your other instructions, and feel it could be a rather frustrating exercise for you to talk me through the stages. I don't want to put you to too much trouble, so rather than a full lesson in ZA set-up, is there a 'duffers' guide you can point me to?I'm going away tomorrow for a couple of days, so won't have chance to do anything before the weekend. Speak to you then.
    Thanks again.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •