# Zone alarm



## malice69 (May 19, 2005)

Hey, I just recently installed Zone Alarm firewall... I'm just wondering if in 2 days it is normal for it to have blocked 1839 intrusions?

I have avast anti virus running at the moment which I find pretty good... I also have ewido security suite running but that's only a 2 week trial. I have Spybot and Ad-Aware on my system which I run every week.

Can u advise me of anything else I could do to protect my system or maybe better programs?

Also I really don't like Zone Alarm for some reason, it's always popping up with security notices even after I have said "remember this choice". Are there any other firewalls which are just as good? I was using Sygate but apparently it's being taken over so I got rid of it.


----------



## Guest (Nov 10, 2005)

*WinPatrol*

Not many free firewalls lately... ZoneAlarm and Kerio left...


----------



## keymaker (Jul 12, 2005)

SpywareBlaster. Check out www.majorgeeks.com to download programs. You can download a lot of stuff from this website.


----------



## malice69 (May 19, 2005)

Ok, what about the 1839 intrusions, is that normal in less than 2 days?

I might give Kerio a go... otherwise I will just go back to Sygate for now.

Also what's WinPatrol do, is it necessary?


----------



## oldmn (Oct 16, 2005)

> Ok, what about the 1839 intrusions, is that normal in less than 2 days?


It is not unusual for it to have a large number. An intrusion can be anything that pings a port that it is monitoring. It does not indicate that someone is trying to get to your machine. I just set it not to pop up every alert and ignore it except for my once a week update check.

WinPatrol: Someone else will have to fill you in on this one, never heard of it.


----------



## Guest (Nov 11, 2005)

> WinPatrol uses a heuristic approach to detecting attacks and violations of your computing environment. Traditional security programs scan your hard drive searching for previously identified threats. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. You'll be removing dangerous new programs while others download new reference files.
> 
> WinPatrol isn't the only software we recommend for complete safety but with Scotty on Patrol you'll find yourself informed on what's going on inside your computer. WinPatrol puts you back in control of your computer so you'll know what programs are and should be running at all times. Source: winpatrol.com

> WinPatrol allows you to get a better understanding of what programs are being added to your computer. It monitors important system areas that are commonly altered by many malicious programs. This includes the startup groups (registry and startup folder), cookies and active tasks. You can terminate processes and enable or disable startup programs. The cookie monitoring option allows you to automatically delete cookies based on a keyword found in the cookie name. Additional features include a WHOIS lookup tool and an option to alert you on changes. WinPatrol is easy to understand, yet quite powerful. Optional upgrade to a Plus version available. Source: snapfiles.com


Not 100% necessary as firewalls and AVs but extremely helpful.


----------



## malice69 (May 19, 2005)

Ok, that sounds rather helpful, thanx for that.

Just one last question / problem... I installed ewido and Zone Alarm just yesterday and it found a few malware and spyware things on my computer and it put them into quarantine. Today I deleted both those programs and it asked whether I wanna delete the files in quarantine, I said Yes. A few hours ago I went back into Add/Remove Programs and it was all weird and all my programs in there had gone and it was filled with all this weird stuff and programs I have never heard of before and it didn't allow me to remove/change them... really strange... any ideas?

PS: I'm pretty sure the files that were malware and spyware were just cookies and istbar etc, nothing out of system folders or anything.

Also I did a sfc /scannow and it didn't help... no idea what happened or even where to begin looking to fix it.


----------



## Col Colt (Dec 26, 2004)

I believe I would run a HiJack This log and post it.

http://www.majorgeeks.com/download.php?det=3155

Also, get CWShredder and run it.

http://www.intermute.com/spysubtract/cwshredder_download.html

If you don't mind putting out a few bucks, Spy Sweeper is excellent.

http://www.webroot.com/services/spyaudit_03.htm This is the free scan.


----------



## malice69 (May 19, 2005)

Hi, CWShredder came back with nothing infected.

My HijackThis log is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 9:18:36 AM, on 14/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Sygate\SPF\smc.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Telstra\Cable Login\bpcable.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Downloads\Spyware remover tools\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BigPondCable] "D:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [AtiPTA] "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://D:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://V5.Windowsupdate.microsoft.com https
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125044304578
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - D:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe


----------
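A log like the one posted above can be triaged mechanically before a human reads it. The following is an added example, not part of the original thread: it parses a few lines copied from that log, counts entries per section code, and lists the ones marked "(file missing)", the services with "Unknown owner", and the autostart entries given without a directory. The function names and the choice of what to flag are assumptions of this sketch, and a flagged line is a prompt for a manual look, not a malware verdict.

```python
import re
from collections import Counter

# Lines copied from the HijackThis log posted above (raw string keeps backslashes).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)
Running processes:
D:\WINDOWS\system32\svchost.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe
"""

# A scan entry starts with a section code such as O4 or O23, then " - ".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry autostart bodies look like: HKLM\..\Run: [ValueName] command
AUTOSTART = re.compile(r"^.*?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

def parse_entries(text):
    """Return (section_code, body) per scan entry; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries

def triage(entries):
    """Count entries per section and collect the lines worth a manual look."""
    counts = Counter(code for code, _ in entries)
    missing = [(c, b) for c, b in entries if b.endswith("(file missing)")]
    unknown = [b for c, b in entries if c == "O23" and " - Unknown owner - " in b]
    # O4 commands with no directory: the log alone does not show which file will run.
    bare = []
    for code, body in entries:
        m = AUTOSTART.match(body) if code == "O4" else None
        if m and "\\" not in m.group("cmd"):
            bare.append(m.group("name"))
    return {"counts": counts, "missing": missing,
            "unknown_owner_services": unknown, "bare_autostart": bare}

if __name__ == "__main__":
    for key, value in triage(parse_entries(SAMPLE_LOG)).items():
        print(key, value)
```
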



## Col Colt (Dec 26, 2004)

malice69...You've got some questionable entries to me but, I'm not the one to evaluate. I think they prefer you posting that log here...

http://www.techsupportforum.com/forumdisplay.php?f=50


----------



## malice69 (May 19, 2005)

Ok thanx mate, I've posted it up in the HijackThis log section.


----------



## malice69 (May 19, 2005)

Ok, I sent my HijackThis log off to the correct section and they didn't find any malware at all...

So where do we go now with this problem of the Add/Remove Programs?


----------



## Col Colt (Dec 26, 2004)

Any program/file(s) I have a hard time deleting I use MoveOn Boot. Also, any program you delete will always leave behind misc. files in the registry. If you know what those files are called and where they're located it's a simple matter of going into the registry and just deleting them. If you're anxious about fooling with the registry, I would use the program Reg Supreme to scan and get rid of extraneous junk files still hanging in there. It's about $15 but worth it to me. If you don't want to spend anything, RegSeeker is another good program that will allow you to clean the registry and find files in there, plus other good stuff.

http://www.softwarepatch.com/software/moveonboot.html

http://www.macecraft.com/regsupreme/

http://www.hoverdesk.net/freeware.htm (RegSeeker)


----------



## malice69 (May 19, 2005)

Cheers mate, but I just did a system restore and it fixed the problem.


----------



## Col Colt (Dec 26, 2004)

That's great...it still doesn't hurt to have those programs. A man can never be overgunned with programs! :sayyes:


----------



## mishkins (Nov 22, 2005)

My Zone Alarm Pro has blocked about 130,000 intrusions over the last month, but when I close my torrent program fast people still try to talk to my computer, and after the program closes so does the port, so that's what it's blocking.


----------



## malice69 (May 19, 2005)

Cheers Col Colt, you've been a great help and thanx for your speedy replies.


----------

