Results 1 to 9 of 9

Thread: How to deal with these random "attempting to monitor user activities" messages?

  1. #1
    ambush Guest

    Default How to deal with these random "attempting to monitor user activities" messages?

    I have asked this question months ago, but I still have not received an answer, so I'm trying again.

    Every once in an unpredictable while (say once every four days or so), ZoneAlarm Pro will pop-up a great many "attempting to monitor user activities" messages during an entire boot-up session. They look like this:



    Now, I have an exhaustive collection of high quality anti-malware software installed and running on my computers besides ZoneAlarm. When I've seen these messages, I've scanned like crazy using about a half-dozen tools, and have never found the tiniest problem. Yet, the ZoneAlarm messages persist for the duration of the session. After a re-boot, they're gone again for a few days.

    Any suggestions?

    Thanks.

    Operating System:Windows XP Pro
    Software Version:7.0
    Product Name:ZoneAlarm Pro

  2. #2
    Join Date
    Apr 2004
    Location
    East Coast of Florida - Lightening/Shark Bite Capital of the World
    Posts
    2,477

    Default Re: How to deal with these random "attempting to monitor user activities" messages?



    Hi,

    Welcome to the Forum!

    Getting constant Program alerts for a particular program?

    http://forum.zonelabs.org/zonelabs/b...ssage.id=13645

    If the above info does not answer your question, PLEASE contact Tech Support.

    https://www.zonelabs.com/store/conte...ch_support.jsp


    SlyFox
    "Politeness costs nothing and gains everything".

    Click here for ZA Support

    Avail. 24x7 - Excl. Holiday













  3. #3
    ambush Guest

    Default Re: How to deal with these random "attempting to monitor user activities" messages?

    I've read the link you provided.

    Clearly I must contact tech support again, since I made it abundantly obvious that this doesn't happen with only one specific program and further that no such advice could be relevant because in three out of four sessions the problem doesn't occur at all.

  4. #4
    naivemelody Guest

    Default Re: How to deal with these random "attempting to monitor user activities" messages?

    http://forums.zonelabs.org/zonelabs/...ssage.id=17650

    "The winamp "hooking" into the keyboard measn this is
    a) not a rootkit by any means
    b) absolutely normal, if you allow the keyboard shortcuts or use keyboard shortcuts or for that matter, use the mouse for the player.
    c) perfectly acceptable and is by no means anything nefarious,
    d) no reason to panic and start doing lots of security scan and checks, becuase they will come clean anyways."
    "Many applications and programs and files do the "hooks" into the keyboard and the mouse. Nothing unusual or new. It is just now a security software has told you for maybe the first time this is happening and now it is panic. No need to worry."


    Message Edited by NaiveMelody on 11-21-2007 10:02 PM

  5. #5
    ambush Guest

    Default Re: How to deal with these random "attempting to monitor user activities" messages?

    Thank you for your reply and your efforts to assist me.

    The thing is, though, that the specific image of the error message I provided is but an arbitrary example. ZoneAlarm never warned me about Amp ever again. On other occasions it has warned me that notepad was "attempting to monitor user activities". Other times it warned me that calculator was "attempting to monitor user activities". The programs it warns me about are completely random and completely innocuous. Was notepad actually attempting to monitor user activities? I doubt it very much.

    Note also that during most sessions, I get no such errors at all. I cannot imagine how, if the fault lay in my anti-malware software (or anywhere at all other than ZoneAlarm), it wouldn't complain during every session.

  6. #6
    ambush Guest

    Default Re: How to deal with these random "attempting to monitor user activities" messages?

    SlyFox, I appreciate the link you provided for the ZoneAlarm Tech Support form.

    However, after 20 tries using both Firefox and Internet Explorer, it REFUSES to accept my form!

    I was using Firefox 2.0.0.9, but I read and complied repeatedly with the instructions to "please fill out all fields, then please press your browser's refresh button, THEN click submit". But every single time I pressed "submit", the exact same page returned with everything intact EXCEPT the "Confirm Email Address" field, which I had actually entered each and every time with the exact same email address I used in the "Email Address" field (in fact, I copied and pasted it). Eventually I was forced to try the dreaded Internet Explorer to get this through, but that didn't work either! The exact same thing happened with both browsers.

    Might you know how I can get my tech support request through?

    Thank you.

  7. #7
    Join Date
    Apr 2004
    Location
    East Coast of Florida - Lightening/Shark Bite Capital of the World
    Posts
    2,477

    Default Re: How to deal with these random "attempting to monitor user activities" messages?

    I had the very same thing happened to me when I tried to get a hold of Tech Support for a problem. But, I found out what was causing that, was the fact I was using ForceField, which stopped any type of Active X controls on my computer, therefore when I disabled ForceField, the problem was solved and my Tech Support Web Form was forwarded. Now, by chance do you have ForceField installed on your computer? If not, PLEASE make sure Active Scripting is enabled, etc. After you forward your info to Tech Support, PLEASE make sure you DISABLED Active Scripting and your computer is safe again.PLEASE keep me posted on your results, THANKS.SlyFox
    "Politeness costs nothing and gains everything".

    Click here for ZA Support

    Avail. 24x7 - Excl. Holiday













  8. #8
    watcher Guest

    Default Re: How to deal with these random "attempting to monitor user activities" messages?

    Dear ambush:

    Per your request from another thread, I looked at this thread but I can't give you a solution to these intermittent messages re random programs. Your original post's link was to the home page of photobucket.com, not the image you wanted us to see. NaiveMelody stated that one was for amp.exe. I found a thread using Google here:

    http://forum.dbpoweramp.com/showthread.php?t=9016

    You might have a rootkit, user-mode or kernel-mode, resident on your PC but if you are using several antispyware utilities on your PC, one of them probably scans for rootkits. You could also download the free Rootkit Revealer, current version 1.71, from here:

    http://www.microsoft.com/technet/sys...tRevealer.mspx

    User-mode rootkits do not fare well on Windows systems because Windows File Protection replaces any trojanized critical system files with the real ones from its cache. A kernel-mode rootkit like FU is another matter. This type of rootkit can fool file integrity checkers like Tripwire and many other system/security tools because of how it works. The only way to accurately detect this rootkit would be to boot from a Helix or Knoppix Linux CD, mount the Windows partition in Linux, then use the tools on either one of these CDs to examine the Windows partition. Since you are using a Linux kernel, not the possibly rootkitted Windows kernel, to make the analysis, the results will be more accurate.

    I doubt that you have a resident rootkit but I included this an a FYI. I would, however, track these on a spreadsheet or similar program and note the date, program(s) listed on the alert, type of alert, alert message text, and any other pertinent info re the alert. You might be able to determine the cause this way.

    Hope this helps.

    WATCHER

  9. #9
    Join Date
    Dec 2005
    Posts
    9,057

    Default ???

    OK I have waited long enough.

    The winamp "hooking" into the keyboard measn this is
    a) not a malicious rootkit by any means
    b) absolutely normal, if you allow the keyboard shortcuts or use keyboard shortcuts or for that matter, use the mouse for the player.
    c) perfectly acceptable and is by no means anything nefarious,
    d) no reason to panic and start doing lots of security scan and checks, becuase they will come clean anyways.


    Many applications and programs and files do the "hooks" into the keyboard and the mouse. Nothing unusual or new. It is just now a security software has told you for maybe the first time this is happening and now it is panic. No need to worry.

    Somethings will hook directly into the hardrrive or the file system, and some will hook into the lower kernel of the Operating system or into the lower drivers (audio, video, drive, etc). There is no hidden files as it would be with a rootkit.

    Consider the fact that the AV and the ZA have already hooked into the PC, so has any of the additional security you have installed, more tha n likely the graphics drivers/files and probably a few others.
    Some users even have issues when installing too many security applications on a PC - ever wonder why?
    Because the security are all hooking into the same places and files and drivers and kernels and all at the same time and each one demanding the same useage at the same time and attempting to do the very same things at the same time. Then users wonder why the PC becomes slow or sluggish or experiences delays or has unedxpected cpu spikes or has disappearing spare memory. This is not just limited to security _but many software will "hook" either by user hooks or lower kernel hooks. Sometimes the "keep it simple" approach to security is the best approach.

    Oldsod

    BTW, if you want to see the hooks in a definite listing, just run Gmer. But just set it to logging, and nothing else. You could even try the freeware SSM - it will also show some hooks and is configurable to allow or disallow hooks (it will not bother after either your initial setting or for any further changes you make). The Gmer is a good rootkit finder and remover, but you must really know what you are doing. The SSM will show and log as desired or needed and it will prevent rootkits (plus troyans, worms, viri, malware, keyloggers, cws, etc).

    Message Edited by Oldsod on 11-22-2007 01:27 PM
    Best regards.
    oldsod

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •