Sign in with
Sign up | Sign in
Your question

ZoneAlarm bundled in Windows 2000 Pro

Last response: in Networking
Share
Anonymous
a b 8 Security
July 15, 2004 10:32:46 AM

Archived from groups: comp.security.firewalls (More info?)

I just installed W2K pro (SP4) on a new computer. I also installed
sygate personal firewall on it. My surprise is that the firewall
reported activity from zonealarm.exe, which appears on the task
manager list.

My question is if zonealarm.exe (in the folder c:\WINNT\SYSTEM32) came
bundled with W2K and if it can be disabled (why having 2 firewalls?)

Thanks.
July 15, 2004 6:17:28 PM

Archived from groups: comp.security.firewalls (More info?)

On 15 Jul 2004 06:32:46 -0700, Pablo Rodriguez wrote:

> I just installed W2K pro (SP4) on a new computer. I also installed
> sygate personal firewall on it. My surprise is that the firewall
> reported activity from zonealarm.exe, which appears on the task
> manager list.
>
> My question is if zonealarm.exe (in the folder c:\WINNT\SYSTEM32) came
> bundled with W2K and if it can be disabled (why having 2 firewalls?)
>
> Thanks.

Zonealarm doesn't come bundled with and version of Windows? It's also not
installed in the System32 folder. Is this 'zonealarm' running? Does it look
like the real zonealarm? What are the properties of the .exe?

Regards

Bill
July 15, 2004 8:26:55 PM

Archived from groups: comp.security.firewalls (More info?)

Pablo Rodriguez wrote:

> I just installed W2K pro (SP4) on a new computer. I also installed
> sygate personal firewall on it. My surprise is that the firewall
> reported activity from zonealarm.exe, which appears on the task
> manager list.
>
> My question is if zonealarm.exe (in the folder c:\WINNT\SYSTEM32) came
> bundled with W2K and if it can be disabled (why having 2 firewalls?)
>
> Thanks.

My guess is you have either a trojan or a virus which you caught by
connecting your computer to the internet without a firewall. Zone alarm
does not install itself in system32.

Google search suggests you have W32.Spybot.Worm

Disconnect from the internet and clean your machine.

--

------------------------------------

Real email to mike. The header email is a spam trap and you will be
blacklisted.
Related resources
Anonymous
a b 8 Security
July 15, 2004 8:38:35 PM

Archived from groups: comp.security.firewalls (More info?)

Pablo Rodriguez said in
news:D 0d3055c.0407150532.1180291@posting.google.com:
> I just installed W2K pro (SP4) on a new computer. I also installed
> sygate personal firewall on it. My surprise is that the firewall
> reported activity from zonealarm.exe, which appears on the task
> manager list.
>
> My question is if zonealarm.exe (in the folder c:\WINNT\SYSTEM32) came
> bundled with W2K and if it can be disabled (why having 2 firewalls?)
>
> Thanks.

So how did you *install* Windows XP Pro? From a Microsoft CD? Or just by leaving whatever was on the hard drive when you "acquired" it (which might mean you have a pirated copy of Windows)?
Anonymous
a b 8 Security
July 15, 2004 8:52:27 PM

Archived from groups: comp.security.firewalls (More info?)

On Thu, 15 Jul 2004 16:38:35 -0500, "*Vanguard*"
<lh_vanguard@mailblocks.com> wrote:

>Pablo Rodriguez said in
>news:D 0d3055c.0407150532.1180291@posting.google.com:
>> I just installed W2K pro (SP4) on a new computer. I also installed
>> sygate personal firewall on it. My surprise is that the firewall
>> reported activity from zonealarm.exe, which appears on the task
>> manager list.
>>
>> My question is if zonealarm.exe (in the folder c:\WINNT\SYSTEM32) came
>> bundled with W2K and if it can be disabled (why having 2 firewalls?)
>>
>> Thanks.
>
>So how did you *install* Windows XP Pro? From a Microsoft CD? Or just by leaving whatever was on the hard drive when you "acquired" it (which might mean you have a pirated copy of Windows)?

vanguard, if you had read the OP's posting carefully, you would have
noticed that he says he installed Windows 2000 SP4, NOT Windows XP
Pro. He really didnt need to qualify the Windows 2000 version with
"Pro", since that is the only version of Windows 2000 existing.
Donald L McDaniel
Post all replies to the Newsgroup, so that all may be informed.
Remove the obvious to reply by email.
===============================================================
Anonymous
a b 8 Security
July 16, 2004 5:51:14 AM

Archived from groups: comp.security.firewalls (More info?)

"Donald McDaniel" <orthocrossAT@cablespeedDOTcom.invalid>
wrote in news:bv5ef01n2juhjclnsbdecfll814bkfssh2@4ax.com:
> On Thu, 15 Jul 2004 16:38:35 -0500, "*Vanguard*"
> <lh_vanguard@mailblocks.com> wrote:
>
>>
>> So how did you *install* Windows XP Pro? From a Microsoft CD? Or
>> just by leaving whatever was on the hard drive when you "acquired"
>> it (which might mean you have a pirated copy of Windows)?
>
> vanguard, if you had read the OP's posting carefully, you would have
> noticed that he says he installed Windows 2000 SP4, NOT Windows XP
> Pro. He really didnt need to qualify the Windows 2000 version with
> "Pro", since that is the only version of Windows 2000 existing.

So replace "Windows XP" with "Windows 2000", then repeat the question.
I'm bouncing around lots of newsgroups and often end up with several
posts open at a time while I research some of them.

Since ZA isn't on the Windows CD (*any* flavor of Windows), I was
probing to find out how ZA was "bundled" with Windows. It would not
have gotten installed with the install of Windows. If it was another CD
in a package that had both Windows and ZA then the OP had to install it
and that's why it is on his hard drive (although I cannot verify the
path to the file was correct for ZA but the path where it was found is
suspicious although perhaps it is possible the user actually changed the
default path and specified that one). If the OP downloaded it then,
again, the OP did the install and would know how it got there.

If it just automagically appeared without the OP ever installing
themself, and since it is not on the Windows CD to get included in that
install, and since the OP doesn't mentioning having a separate CD for it
or downloaded it to install it, then it would appear to be an infection.
The OP didn't mention doing a full scan using a recently updated
anti-virus product, but then they might not have thought of doing that
because the OP figured the zonealarm.exe was for the real ZoneAlarm.
Anonymous
a b 8 Security
July 16, 2004 1:05:14 PM

Archived from groups: comp.security.firewalls (More info?)

After reading your posts, I think it's an infection, although AVG
antivirus (most recent version downloaded on the weekend and updated
yesterday) didn't find any.

I killed the process in taskmanager, renamed the .exe file and removed
every registry entry.

Apparently everything is working fine and zonealarm is not loading
anymore (according to taskmanager).

Thanks to all.



"*Vanguard*" <lh_vanguard@mailblocks.com> wrote in message news:<7N2dnV29loB-52rdRVn-hA@comcast.com>...
> "Donald McDaniel" <orthocrossAT@cablespeedDOTcom.invalid>
> wrote in news:bv5ef01n2juhjclnsbdecfll814bkfssh2@4ax.com:
> > On Thu, 15 Jul 2004 16:38:35 -0500, "*Vanguard*"
> > <lh_vanguard@mailblocks.com> wrote:
> >
> >>
> >> So how did you *install* Windows XP Pro? From a Microsoft CD? Or
> >> just by leaving whatever was on the hard drive when you "acquired"
> >> it (which might mean you have a pirated copy of Windows)?
> >
> > vanguard, if you had read the OP's posting carefully, you would have
> > noticed that he says he installed Windows 2000 SP4, NOT Windows XP
> > Pro. He really didnt need to qualify the Windows 2000 version with
> > "Pro", since that is the only version of Windows 2000 existing.
>
> So replace "Windows XP" with "Windows 2000", then repeat the question.
> I'm bouncing around lots of newsgroups and often end up with several
> posts open at a time while I research some of them.
>
> Since ZA isn't on the Windows CD (*any* flavor of Windows), I was
> probing to find out how ZA was "bundled" with Windows. It would not
> have gotten installed with the install of Windows. If it was another CD
> in a package that had both Windows and ZA then the OP had to install it
> and that's why it is on his hard drive (although I cannot verify the
> path to the file was correct for ZA but the path where it was found is
> suspicious although perhaps it is possible the user actually changed the
> default path and specified that one). If the OP downloaded it then,
> again, the OP did the install and would know how it got there.
>
> If it just automagically appeared without the OP ever installing
> themself, and since it is not on the Windows CD to get included in that
> install, and since the OP doesn't mentioning having a separate CD for it
> or downloaded it to install it, then it would appear to be an infection.
> The OP didn't mention doing a full scan using a recently updated
> anti-virus product, but then they might not have thought of doing that
> because the OP figured the zonealarm.exe was for the real ZoneAlarm.
Anonymous
a b 8 Security
July 16, 2004 2:16:27 PM

Archived from groups: comp.security.firewalls (More info?)

On 16 Jul 2004 09:05:14 -0700, PTIVRIHOJPNR@spammotel.com (Pablo
Rodriguez) wrote:

>After reading your posts, I think it's an infection, although AVG
>antivirus (most recent version downloaded on the weekend and updated
>yesterday) didn't find any.
>
>I killed the process in taskmanager, renamed the .exe file and removed
>every registry entry.
>
>Apparently everything is working fine and zonealarm is not loading
>anymore (according to taskmanager).
>
>Thanks to all.
>
>
>
>"*Vanguard*" <lh_vanguard@mailblocks.com> wrote in message news:<7N2dnV29loB-52rdRVn-hA@comcast.com>...
>> "Donald McDaniel" <orthocrossAT@cablespeedDOTcom.invalid>
>> wrote in news:bv5ef01n2juhjclnsbdecfll814bkfssh2@4ax.com:
>> > On Thu, 15 Jul 2004 16:38:35 -0500, "*Vanguard*"
>> > <lh_vanguard@mailblocks.com> wrote:
>> >
>> >>
>> >> So how did you *install* Windows XP Pro? From a Microsoft CD? Or
>> >> just by leaving whatever was on the hard drive when you "acquired"
>> >> it (which might mean you have a pirated copy of Windows)?
>> >
>> > vanguard, if you had read the OP's posting carefully, you would have
>> > noticed that he says he installed Windows 2000 SP4, NOT Windows XP
>> > Pro. He really didnt need to qualify the Windows 2000 version with
>> > "Pro", since that is the only version of Windows 2000 existing.
>>
>> So replace "Windows XP" with "Windows 2000", then repeat the question.
>> I'm bouncing around lots of newsgroups and often end up with several
>> posts open at a time while I research some of them.
>>
>> Since ZA isn't on the Windows CD (*any* flavor of Windows), I was
>> probing to find out how ZA was "bundled" with Windows. It would not
>> have gotten installed with the install of Windows. If it was another CD
>> in a package that had both Windows and ZA then the OP had to install it
>> and that's why it is on his hard drive (although I cannot verify the
>> path to the file was correct for ZA but the path where it was found is
>> suspicious although perhaps it is possible the user actually changed the
>> default path and specified that one). If the OP downloaded it then,
>> again, the OP did the install and would know how it got there.
>>
>> If it just automagically appeared without the OP ever installing
>> themself, and since it is not on the Windows CD to get included in that
>> install, and since the OP doesn't mentioning having a separate CD for it
>> or downloaded it to install it, then it would appear to be an infection.
>> The OP didn't mention doing a full scan using a recently updated
>> anti-virus product, but then they might not have thought of doing that
>> because the OP figured the zonealarm.exe was for the real ZoneAlarm.

ZoneAlarm is never bundled with either Windows 2000 or Windows XP
(unless his Windows was an OEM version which installed a version of
ZoneAlarm when the OS was installed.)

If a file named "ZoneAlarm" was running on his system, he put it
there. If he did not intentionally install an authentic copy of
ZoneAlarm, it is obvious that it is most definitely a virus, trojan,
or some other form of malware.

Donald L McDaniel
Post all replies to the Newsgroup, so that all may be informed.
Remove the obvious to reply by email.
===============================================================
July 16, 2004 7:32:11 PM

Archived from groups: comp.security.firewalls (More info?)

Donald McDaniel wrote:
> [snip]
>
> vanguard, if you had read the OP's posting carefully, you would have
> noticed that he says he installed Windows 2000 SP4, NOT Windows XP
> Pro. He really didnt need to qualify the Windows 2000 version with
> "Pro", since that is the only version of Windows 2000 existing.

*cough*2000 Server*cough*

--
_ __/| William Anderson | Brodie: The Force is strong with this one
\`O_o' neuro at well dot com | Jay: Dude, don't encourage him
=(_ _)= http://neuro.me.uk/ | -- Mallrats, (1995)
U - Thhbt! GPG 0xFA5F1100 |
!