Results 1 to 4 of 4

Thread: Computer attempts to access "dns_registration" at an unknown IP

  1. #1
    ckbosh Guest

    Default Computer attempts to access "dns_registration" at an unknown IP

    Background
    WinXP sp2
    ZA Free 9.2.057.0000

    Popup Alert
    "The firewall has blocked Internet access to dns_registration [184.106.31.166] (TCP Port 445) from your computer [TCP Flags: S]"

    Log Entries
    Show the same outbound destination as did the alert. Source comes from a variety of ports. Outbound destination in the "Destination DNS" column is "dns_registration:MYNETWORKNAME" (net name obscured for this message).

    Destination IP
    Not in my LAN. Best I can find, it's a Rackspace server, but I'm not 100% certain of that. Little info found about that IP.

    Events Causing Alert
    1. On boot of one specific other computer on the LAN. I believe it's the one in the LAN that has control of the DHCP addresses for the LAN (but I'm at the limit of my network knowledge on that)
    2. On double-click on any PDF document (yesterday, but not today)
    3. On File/Print dialog on Outlook email messages (today, not before). Intermittent, not every File/Print dialog.
    4. No such behavior on any other computer on the LAN.

    Malware Prevention / Scan
    1. AVG always running & up-to-date
    2. Full scan by AVG: no malware found
    3. Full scan by MalwareBytes: no malware found
    4: Full scan by GMER: no malware found

    Despite the clean scans, this seems to stink of malware attempting to phone home. I really, really hope there's a benign reason and I'm not seeing a well-hidden rootkit.

    Questions
    1. Is there a reasonable benign explanation for this?
    2. If it is malware, with ZA blocking these attempts, would anyone hazard if I've been reasonably protected to-date?

    Hoping someone has some insight.
    Last edited by GeorgeV; April 1st, 2011 at 05:51 PM.

  2. #2
    Join Date
    Jun 2006
    Location
    The 3rd Coast - South Central Texas
    Posts
    10,465

    Default Re: Computer attempts to access "dns_registration" at an unknown IP

    Welcome to the Zone Alarm User Forum..

    This Forum exist to allow Volunteer experienced Zone Alarm Users to help the Few Users who encounter a problem with ZoneAlarm and need to be guided in the right direction..

    It is Sometimes very Difficult to Diagnose and fix a Computer from halfway across the Country, without All the Details about your computer and Software that you failed to provide, without our ability to sit in front of your Computer monitor and see what's going on..

    *** NOTICE:

    Whenever posting here, it is always advisable to list Full details of your Computer:

    It is normally Helpful when posting here to give full details of your computer setup.

    Give the Exact Type and version of Zone Alarm used
    , Windows Version used, other security tools installed. is this a First time install?
    Stopped working recently? other issues? Error messages in the ZA logs?

    The More information you post the more likely users here will be able to understand the issue and try to help.

    also is this a DeskTop, Laptop computer or Netbook.

    Please List any other Security Programs installed as these programs may be conflicting with Zone Alarm.

  3. #3
    ckbosh Guest

    Default Re: Computer attempts to access "dns_registration" at an unknown IP

    Hello GeorgeV,

    >Give the Exact Type and version of Zone Alarm used*, Windows Version used, other security tools installed. is this a First time install?
    Stopped working recently? other issues? Error messages in the ZA logs?


    I certainly appreciate that you need full information. I believe that I answered the items you asked for (quoted above) in my initial message sections entitled "Background", "Popup Alerts", "Log Entries" and others that follow them.

    Am I missing something else that I should have provided? The only things that I can see that I missed, based on your reply are:

    * The computer is a desktop computer.
    * It is not a first time install. I have use ZoneAlarm for 10+ years.

    Please tell me what I've missed beyond that. I thought I was quite diligent in giving information in my initial question.

  4. #4
    Join Date
    Jun 2006
    Location
    The 3rd Coast - South Central Texas
    Posts
    10,465

    Default Re: Computer attempts to access "dns_registration" at an unknown IP

    [QUOTE] Background
    WinXP sp2
    ZA Free 9.2.057.0000[/QUOTE]

    I'm Sorry but We can not fix problems that occur while your using out of date Software,

    Many of the Security problems may already have been fix , By the Current approved version of Windows XP SP3 (containing over 300 Win XP Bug Fixes) and 100 Plus added WinXP updates after the Release of Win XP SP3..

    PLEASE READ this Forum Link: Microsoft Ends Windows XP SP2 Support


    Next after you fully Update Windows XP, then you should Download the Current version of Zone Alarm Free version 9.2.106.000

    If you had tried the Zone Alarm Download area and not the History area
    you can Download ZA Free 9.2.106.000 directly from ZoneAlarm..

    http://www.zonealarm.com/security/en...e-download.htm

    please post back when you have read all of the above links and fully updated your computer..
    Last edited by GeorgeV; April 1st, 2011 at 07:36 PM. Reason: typo
    GeorgeV
    ZoneAlarm® Extreme Security


    Click here for ZA Support
    Monday-Saturday__ 6am to 10pm Central time
    Closed Sundays and Holidays

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 2
    Last Post: March 26th, 2011, 03:51 AM
  2. Replies: 2
    Last Post: June 15th, 2010, 09:31 PM
  3. [SOLVED] Browser Security "OFF" -> uncheck "Block Reported Web Forgeries" in Firefox
    By fxp in forum Windows and ZoneAlarm Messages and Alerts
    Replies: 2
    Last Post: April 18th, 2010, 08:05 AM
  4. "Not enough virtual memory" or Zone Alarm "instability"
    By lhanks in forum Windows and ZoneAlarm Messages and Alerts
    Replies: 2
    Last Post: September 29th, 2009, 07:07 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •