
Thread: Zonealarm Alert for Google toolbar access?

  1. #1
    johnkeats Guest

    Zonealarm Alert for Google toolbar access?

    I have Google Toolbar installed, but don't really use it, and haven't changed it in more than a year.
    Furthermore, I find no reference to gtb694 online, and find no correlation online between Google Toolbar and port 4651.
    I am wondering whether this is malware impersonating Google Toolbar.
    I have run ZoneAlarm for a long time and never seen a request like this.
    My ZoneAlarm popped up this alert:
    Google Toolbar is trying to access the internet
    Validation: Not available in ZoneAlarm
    Application: gtb694.tmp.exe
    Destination IP: 127.0.0.1:Port 4651
    More Information Available:
    This is the program's first attempt to access the Internet.

    Operating System:Windows XP Pro
    Software Version:
    Product Name:ZoneAlarm (Free)

  2. #2
    Join Date
    Dec 2005
    Posts
    9,056

    Re: Zonealarm Alert for Google toolbar access?

    Actually the install never attempted to "go online".
    The 127.0.0.1 is a local address (internal address of the computer itself) and it is not an internet address by any means.
    Nothing special about the port either - it is below 5000 and is still using the loopback address. Probably the port is random and this signifies nothing really special (a destination port of a correct internet address would be more interesting).

    Nothing to worry about, other than having a Google toolbar installed in the first place (is the Google toolbar really necessary? I mean, do you really need it?).

    Oldsod.
    Best regards.
    oldsod

  3. #3
    johnkeats Guest

    Re: Zonealarm Alert for Google toolbar access?

    Thanks much for your response.
    If it is in fact Google Toolbar, which I've been considering uninstalling anyway, I'm not concerned about the activity.
    Being the paranoid type, wouldn't it be really easy for malware to pose and report itself as a "legit" app like Google Toolbar?
    What's so odd is that Zonealarm never popped an alert like this before for Google Toolbar in the couple of years I've had Zonealarm and the toolbar installed.
    I've run Malwarebytes which came up clean, but I'm looking for peace of mind now.
    The filename "gtb694.tmp.exe" isn't referenced anywhere which also surprises me if it is in fact a Google product.


  4. #4
    Join Date
    Dec 2005
    Posts
    9,056

    Re: Zonealarm Alert for Google toolbar access?

    "gtb694.tmp.exe" does give an indication that the file is a temporary file somewhere in the Temp folders. Any file attempting internet access, or for that matter any localhost connections, will be alerted by the ZA.
    The ZA does this as this is the correct method of preventing malware from installing or connecting to the internet when they are using the Temp folders.
    (even though the Temp folders are a very common place for many legitimate files to get installed into Windows and even do upgrades from previously installed programs)

    Just pay special attention to the exact location of the file and the folder on the hard drive in these alerts. This is very important to help make the decision for allow or deny.
    Also this will be recorded in the Log Viewer of the Logs and Alerts in the ZA - if you need to check over the ZA alert or need to do some researching.


    If you ever happen (and I hope you never will) to see something like explorer.exe or svchost.exe or some strange driver file (such as .sys) attempting localhost connections or worse some internet connections all originating from the folders in the Temp folders... then be very aware that these are common types of malware/rootkits.
    If you were browsing the web or reading emails and these sorts of alerts came suddenly from the ZA concerning attempts of any kind for a file in the Temp folders, then you should definitely be concerned as there could be malware attempting to install or corrupt Windows.

    For the most part, doing an installation of legitimate files should not be too much of any particular concern such as windows updates, upgrades of previously installed programs, new installations and so forth. As long as these are legitimate programs to begin with and are not bad/malicious files in the first place.

    You should check the google toolbar files and see if the toolbar got upgraded at the same or almost same time and date as the ZA alert. It may have automatically upgraded by itself in the background (yes it works in the background even if not used or ignored).

    Oldsod.

    Message Edited by Oldsod on 01-09-2009 12:12 PM
    Best regards.
    oldsod
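
The location checks oldsod describes in post #4, as an added example that is not part of the thread: a small Python triage that looks at the file's folder, its name and the destination address, and ignores the display name the program reports. The record fields, the sample paths and the severity labels are assumptions made for illustration; this is not ZoneAlarm's log format.

```python
import ipaddress
import ntpath

# File names the post singles out as red flags when they run from Temp.
SYSTEM_NAMES = {"explorer.exe", "svchost.exe"}

def in_temp(path):
    """True if any folder in a Windows path is named Temp or Tmp."""
    folder = ntpath.dirname(path).lower().replace("/", "\\")
    return any(part in ("temp", "tmp") for part in folder.split("\\"))

def triage(alert):
    """Return (level, reasons) for an alert dict with 'path' and 'dest_ip'."""
    name = ntpath.basename(alert["path"]).lower()
    loopback = ipaddress.ip_address(alert["dest_ip"]).is_loopback
    temp = in_temp(alert["path"])
    reasons = ["destination is loopback, traffic stays on this machine"
               if loopback else "destination is a remote address"]
    if temp:
        reasons.append("image runs from a Temp folder")
    if temp and (name in SYSTEM_NAMES or name.endswith(".sys")):
        reasons.append("system-style file name in a Temp folder")
        return "high", reasons
    if temp and not loopback:
        return "medium", reasons   # check file location and install timing
    if temp:
        return "low", reasons      # typical of an installer or updater
    return "info", reasons

# Constructed sample alerts; only the file name gtb694.tmp.exe, the loopback
# address and the two system names come from the thread.
TEMP = r"C:\Documents and Settings\user\Local Settings\Temp"
SAMPLE_ALERTS = [
    {"path": TEMP + r"\gtb694.tmp.exe", "dest_ip": "127.0.0.1"},
    {"path": TEMP + r"\svchost.exe", "dest_ip": "127.0.0.1"},
    {"path": TEMP + r"\setup1.tmp.exe", "dest_ip": "203.0.113.10"},
    {"path": r"C:\WINDOWS\system32\svchost.exe", "dest_ip": "203.0.113.10"},
]

if __name__ == "__main__":
    for alert in SAMPLE_ALERTS:
        level, reasons = triage(alert)
        print(level, ntpath.basename(alert["path"]), "-", "; ".join(reasons))
```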
