
please help with this zone alarm log file



#1 ~overkill~


Posted 15 July 2005 - 12:00 AM

k peeps, I'm not familiar enough with reg protocols to handle this alone: I was testing both my messengers to see which had the tool bar that was throwing out the ads. The ad with the guy at the desk which says you are infected even when you are not. As I was trying to access with msn, zone alarm went bathappy...4 different msnmsgr.exe files were asking permission to access. The first two I let go knowing one had to be the suspected toolbar. On the third I denied access, as with #4. Msn stalled and I went to za for a better look at the progs. It was a dssen. something file, (I'd have to go back through the history to check, if need be I will.) Support at microsoft told me that it was a common f. i. p file used for centuries by darn near every windows ever created. Zone alarm said it was safe, ms said it was safe, I allowed the sob access. Immediately upon clicking it into zone, all but 4 programs that had been blocked gained access and busted outta zone alarm...god as my witness I wish I had thought to save a log file previous to that action cuz I'm tellin ya it was like a set of dominoes. Files changed names, my se.dll, which I had finally corralled is back on the loose, both contact lists on my messengers evaporated and the guy who was on aol at the time, on yahoo was knocked off the net. I still don't have access to the net through either messenger, or ie6...I think that's the one on my msn.page, with the cute lil butterfly. According to this file even my copy of spybot went ballistic, asking for access permission. ZA said no to that one, didn't even ask me. Man everything was goin great til that point, the only thing I had left to do with all those things I've had wrong (heck, the first time I ran antispy it caught 6 different points (dialers, coolweb, hotbar, some ellymae whatchadoodle), 6 of em with, count em, over 2000 different sigs and locations)...guys I am wrecked. I just went back to square one from all that bleep I been dealin with this morning.
At that point I had been sitting here over 10 hours. I'm gonna cry. I am. If there is anyone on here who knows enough about zone alarm log files and is willin to help me sort this out I swear next paycheck tell me where to donate, and I will. Some of these files don't even say what they did when I blocked em. I sent a copy to za and ms both as well, but to be honest I don't have much faith in em...I've learned more bout this here in one day of reading your posts than the entire planet of ms in the last week. I'm going to leave this here, take a bath, get stoned, and crash til the mornin...I'll come back and check it out, if there are no solutions to be presented I'll start all over again from scratch. At least this time, thankx to u sexy beeeyoootiful people, I have more knowledge to start with than I did the other day. Thanks so much for your time ..now how many characters do I have?...I dunno



#2 ~overkill~


Posted 15 July 2005 - 12:07 AM

:huh: :thumbsup: :( :flowers: :trumpet: :inlove: :) :cool: :woot:


ZoneAlarm Logging Client v5.5.094.000
Windows XP-5.1.2600-Service Pack 1-SP
type,date,time,source,destination,transport (security)
type,date,time,virus name,file name,mode,e-mail id (antivirus)
type,date,time,source,destination,action,service (IM security)
FWOUT,2005/07/14,13:27:14 -6:00 GMT,192.168.0.2:1026,192.168.0.1:53,UDP
PE,2005/07/14,13:29:08 -6:00 GMT,Yahoo! Messenger,205.171.3.65:53,N/A
PE,2005/07/14,13:29:22 -6:00 GMT,Yahoo AutoUpdater,205.171.3.65:53,N/A
PE,2005/07/14,13:46:18 -6:00 GMT,Messenger,192.168.0.1:1900,N/A
ACCESS,2005/07/14,13:46:18 -6:00 GMT,,N/A,N/A
PE,2005/07/14,13:46:20 -6:00 GMT,Messenger,192.168.0.2:14221,N/A
PE,2005/07/14,16:00:42 -6:00 GMT,Generic Host Process for Win32 Services,209.152.119.245:80,N/A
ACCESS,2005/07/14,16:00:42 -6:00 GMT,Generic Host Process for Win32 Services was unable to obtain permission to use LiveUpdate Engine COM Module to connect to (209.152.119.245:HTTP); access was denied.,N/A,N/A
PE,2005/07/14,16:01:04 -6:00 GMT,Yahoo! Messenger,192.168.0.1:53,N/A
ACCESS,2005/07/14,16:01:04 -6:00 GMT,Yahoo! Messenger was unable to obtain permission to use Yahoo AutoUpdater to connect to (192.168.0.1:DNS); access was denied.,N/A,N/A
PE,2005/07/14,16:05:14 -6:00 GMT,Generic Host Process for Win32 Services,127.0.0.1:1048,N/A
ACCESS,2005/07/14,16:05:14 -6:00 GMT,Generic Host Process for Win32 Services was unable to obtain permission to use Internet Explorer to connect to (127.0.0.1:Port 1048); access was denied.,N/A,N/A
PE,2005/07/14,16:23:24 -6:00 GMT,Ad-Aware SE Core application,0.0.0.0:0,N/A
PE,2005/07/14,16:32:10 -6:00 GMT,Ad-Aware SE Core application,207.44.136.40:80,N/A
PE,2005/07/14,16:32:10 -6:00 GMT,Ad-Aware SE Core application,207.44.136.40:80,N/A
PE,2005/07/14,16:32:14 -6:00 GMT,Ad-Aware SE Core application,207.44.136.40:80,N/A
PE,2005/07/14,16:34:04 -6:00 GMT,Spybot - Search & Destroy Setup ,192.168.0.1:53,N/A
PE,2005/07/14,16:34:06 -6:00 GMT,Setup/Uninstall,192.168.0.1:53,N/A
PE,2005/07/14,16:34:06 -6:00 GMT,Setup/Uninstall,192.168.0.1:53,N/A
PE,2005/07/14,16:34:08 -6:00 GMT,Setup/Uninstall,192.168.0.1:53,N/A
PE,2005/07/14,16:34:10 -6:00 GMT,Setup/Uninstall,212.227.253.104:80,N/A
PE,2005/07/14,16:40:26 -6:00 GMT,Setup/Uninstall,192.168.0.1:53,N/A
PE,2005/07/14,16:40:30 -6:00 GMT,Spybot - Search & Destroy,192.168.0.1:53,N/A
PE,2005/07/14,16:40:30 -6:00 GMT,Spybot - Search & Destroy,192.168.0.1:53,N/A
PE,2005/07/14,16:41:34 -6:00 GMT,Spybot - Search & Destroy,192.168.0.1:53,N/A
PE,2005/07/14,16:56:36 -6:00 GMT,Client Server Runtime Process,0.0.0.0:0,N/A
PE,2005/07/14,17:28:24 -6:00 GMT,Yahoo! Messenger,192.168.0.1:53,N/A
PE,2005/07/14,17:41:36 -6:00 GMT,Internet Explorer,68.142.196.210:80,N/A
PE,2005/07/14,17:41:46 -6:00 GMT,Generic Host Process for Win32 Services,127.0.0.1:1161,N/A
PE,2005/07/14,17:41:56 -6:00 GMT,Microsoft AntiSpyware Data Service,127.0.0.1:1161,N/A
PE,2005/07/14,17:42:06 -6:00 GMT,Microsoft AntiSpyware Updater,127.0.0.1:1161,N/A
PE,2005/07/14,17:42:06 -6:00 GMT,Microsoft AntiSpyware Updater,127.0.0.1:1161,N/A
PE,2005/07/14,17:42:06 -6:00 GMT,Microsoft AntiSpyware Updater,127.0.0.1:1161,N/A
ACCESS,2005/07/14,17:42:38 -6:00 GMT,Microsoft AntiSpyware Updater was temporarily blocked from connecting to the Internet (127.0.0.1:Port 1161).,N/A,N/A
ACCESS,2005/07/14,17:42:38 -6:00 GMT,Microsoft AntiSpyware Updater was temporarily blocked from connecting to the Internet (205.171.3.65:DNS).,N/A,N/A
PE,2005/07/14,17:42:40 -6:00 GMT,Microsoft AntiSpyware Updater,192.168.0.1:53,N/A
ACCESS,2005/07/14,17:42:46 -6:00 GMT,Microsoft AntiSpyware Updater was temporarily blocked from connecting to the local zone (192.168.0.1:DNS).,N/A,N/A
ACCESS,2005/07/14,17:42:48 -6:00 GMT,Microsoft AntiSpyware Updater was temporarily blocked from sending data to the Internet (205.171.3.65:DNS).,N/A,N/A
PE,2005/07/14,18:32:32 -6:00 GMT,MSN Messenger,127.0.0.1:1265,N/A
PE,2005/07/14,18:32:32 -6:00 GMT,MSN Messenger,127.0.0.1:1265,N/A
PE,2005/07/14,18:32:32 -6:00 GMT,MSN Messenger,127.0.0.1:1265,N/A
PE,2005/07/14,18:33:16 -6:00 GMT,MSN Messenger,192.168.0.1:53,N/A
PE,2005/07/14,18:33:22 -6:00 GMT,MSN Messenger,65.54.131.249:443,N/A
PE,2005/07/14,18:33:30 -6:00 GMT,MSN Messenger,207.68.177.126:80,N/A
ACCESS,2005/07/14,18:39:12 -6:00 GMT,MSN Messenger was temporarily blocked from connecting to the Internet (207.68.177.126:HTTP).,N/A,N/A
ACCESS,2005/07/14,18:39:12 -6:00 GMT,MSN Messenger was denied Internet access because of one or more modules (207.46.6.123:Port 1863).,N/A,N/A
ACCESS,2005/07/14,18:39:12 -6:00 GMT,MSN Messenger was denied Internet access because of one or more modules (192.168.0.1:DNS).,N/A,N/A
ACCESS,2005/07/14,18:39:14 -6:00 GMT,MSN Messenger was denied Internet access because of one or more modules (205.171.3.65:DNS).,N/A,N/A
ACCESS,2005/07/14,18:39:30 -6:00 GMT,MSN Messenger was denied Internet access because of one or more modules (65.54.140.158:HTTP).,N/A,N/A
PE,2005/07/14,20:50:48 -6:00 GMT,msn,127.0.0.1:1477,N/A
PE,2005/07/14,20:50:48 -6:00 GMT,msn,127.0.0.1:1477,N/A
PE,2005/07/14,20:50:50 -6:00 GMT,msn,127.0.0.1:1477,N/A
PE,2005/07/14,20:51:04 -6:00 GMT,msn,207.68.172.238:80,N/A
PE,2005/07/14,20:51:34 -6:00 GMT,msn,65.54.195.188:80,N/A
ACCESS,2005/07/14,20:51:42 -6:00 GMT,MSN Messenger was denied Internet access because of one or more modules (192.168.0.1:DNS).,N/A,N/A
ACCESS,2005/07/14,20:51:44 -6:00 GMT,MSN Messenger was denied Internet access because of one or more modules (205.171.3.65:DNS).,N/A,N/A
PE,2005/07/14,20:51:46 -6:00 GMT,msn,65.54.134.93:80,N/A
PE,2005/07/14,20:52:06 -6:00 GMT,msn,65.54.224.253:80,N/A
PE,2005/07/14,20:52:12 -6:00 GMT,msn,65.54.224.253:80,N/A
PE,2005/07/14,20:52:20 -6:00 GMT,msn,65.54.224.253:80,N/A
PE,2005/07/14,20:57:56 -6:00 GMT,msn,195.225.177.22:80,N/A
ACCESS,2005/07/14,20:58:04 -6:00 GMT,msn was temporarily blocked from connecting to the Internet (195.225.177.22:HTTP).,N/A,N/A
ACCESS,2005/07/14,20:58:04 -6:00 GMT,msn was denied Internet access because of one or more modules (195.225.177.128:HTTP).,N/A,N/A
ACCESS,2005/07/14,20:58:04 -6:00 GMT,msn was denied Internet access because of one or more modules (195.225.177.22:HTTP).,N/A,N/A
ACCESS,2005/07/14,21:03:50 -6:00 GMT,msn was denied Internet access because of one or more modules (192.168.0.1:DNS).,N/A,N/A
ACCESS,2005/07/14,21:03:50 -6:00 GMT,msn was denied Internet access because of one or more modules (205.171.3.65:DNS).,N/A,N/A
ACCESS,2005/07/14,21:21:28 -6:00 GMT,msn was denied Internet access because of one or more modules (65.54.224.253:HTTP).,N/A,N/A



