  1. #1
    neddy
    Guest

    suspicious activity

    My PC sends a 330 byte packet to who knows where every 35 seconds over my Jetstream connection. At the same time, any drop down menu gets zapped and the hourglass appears.
    I think it started when I upgraded Zonealarm to version 3.1. Reverting back to 2.6 hasn't helped. I now have ZA locked down with the stop button unless I'm surfing or emailing.
    Virus scans show nothing, and the various spyware programs I've run haven't helped.
    Running 98SE, IE6 with latest patches.
    Any theories?

  2. #2
    MarkB
    Guest

    Re: suspicious activity

    If it started when zonealarm was upgraded try removing it completely.
    Uninstall it and remove all references to it.

    Regcleaner is good to use through the software tab to remove all registry keys, plus you can back them up if you change your mind.

    Then see if it still happens. If not, install the zonealarm version you want and see what happens.

    Could also try swatit, a trojan and bot remover. They updated their signature files today so could be something new on your system dialing home.

  3. #3
    tweak'e
    Guest

    Re: suspicious activity

    Zonealarm have full instructions on how to clean out ZA remains before installing a new/old ver.

    Remove all the items in the program list and wait to see if zonealarm picks up any program trying to access the net. If nothing happens, allow your browser (with blank page) and see if the fault happens. It could well be something working through your browser.




  4. #4
    MoNk
    Guest

    Re: suspicious activity

    www.lavasoft.nu

    Get adaware and run a scan. See what's up, then remove all the advertising material - see if that fixes it.

  5. #5
    neddy
    Guest

    Re: suspicious activity

    Thanks for all the replies.
    Unfortunately, none have fixed the problem, which I now doubt is caused by Zone Alarm - after all, no one else seems to be affected by it.
    Meantime, going nuts...

  6. #6
    BIFF
    Guest

    Re: suspicious activity

    Try this:
    http://analyzer.polito.it/

    Just run a capture, and grab everything going past. Then have a look for your packet and view its destination and its contents.

  7. #7
    neddy
    Guest

    Re: suspicious activity

    Thanks Biff
    I installed Analyzer, but afraid it's just too techie for me - I haven't a clue how to set it up for a start.

  8. #8
    BIFF
    Guest

    Re: suspicious activity

    OK, I'm sure you can muddle your way through this.

    Install the Analyzer, and install the WinPCap drivers (there is a link to these on the analyzer site).
    The Analyzer program doesn't create shortcuts in the Start menu etc, just use explorer to go to the folder where you installed it and double click the Analyzer.exe file.
    Then shut down zone alarm. Connect to the internet. Let the connection settle and load Analyzer. Then press the little Green Network Adapter icon. If you use a network card to connect to the internet then select that adapter, else select WAN adapter (or similar) if on dialup. Press OK and leave it alone for 5 minutes. Press the Stop button once you're sure you have caught one of the packets.
    You will see all packets in the Network column. The source IP address is on the left and the destination is on the right. Look for ones originating from your computer's IP address (you can find out your IP using the WinIPcfg command under Win9x/ME, or the ipconfig /all command under 2K or XP).
    If you left the connection to settle before beginning the capture there should be very few packets to look through fortunately.
    If you spy the suspect packet you believe is the dodgy one you can highlight it and look in the Data container below. The data will show in the pane on the right. If the packet contains any plain text it will show up in the rightmost section of the data between the square brackets [ ]. It's likely that it won't contain anything recognisable however. You can open a command prompt and type Ping -a destination address
    This will turn the IP into an address which may help you figure out what the offending app is. Good luck, hope this blurb helps you or someone else out there on Press F1.
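
The manual search described in post #8 (scan the capture for packets leaving your own IP, then look for the one that repeats) can be automated. The following is an added example, not part of the original thread and not Analyzer's own code: it assumes the capture has been exported as (time, source, destination, length) records, and the addresses and timings below are constructed sample data.

```python
import statistics
from collections import defaultdict

LOCAL_IP = "192.168.1.10"   # assumed local address (what winipcfg/ipconfig would report)

# Constructed sample capture: (seconds since start, source, destination, length in bytes).
# 203.0.113.7 and 198.51.100.20 are documentation addresses, not real hosts.
CAPTURE = [
    (2.1, LOCAL_IP, "198.51.100.20", 74),
    (5.0, LOCAL_IP, "203.0.113.7", 330),
    (5.3, "198.51.100.20", LOCAL_IP, 1500),
    (19.8, LOCAL_IP, "198.51.100.20", 412),
    (40.1, LOCAL_IP, "203.0.113.7", 330),
    (61.4, LOCAL_IP, "198.51.100.20", 74),
    (74.9, LOCAL_IP, "203.0.113.7", 330),
    (110.0, LOCAL_IP, "203.0.113.7", 330),
    (131.7, LOCAL_IP, "198.51.100.20", 74),
    (138.0, LOCAL_IP, "198.51.100.20", 74),
    (145.0, LOCAL_IP, "203.0.113.7", 330),
]


def find_periodic_senders(packets, local_ip, min_packets=4, max_jitter=0.1):
    """Return outbound (destination, length) groups sent at a near-constant interval."""
    times = defaultdict(list)
    for ts, src, dst, length in packets:
        if src == local_ip:                 # only traffic leaving this machine
            times[(dst, length)].append(ts)

    hits = []
    for (dst, length), stamps in times.items():
        if len(stamps) < min_packets:       # too few samples to judge regularity
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean_gap = statistics.mean(gaps)
        # Jitter = spread of the gaps relative to their mean; a timer scores near 0.
        jitter = statistics.pstdev(gaps) / mean_gap if mean_gap else 1.0
        if jitter <= max_jitter:
            hits.append({"dst": dst, "length": length, "count": len(stamps),
                         "period": round(mean_gap, 1), "jitter": round(jitter, 3)})
    return sorted(hits, key=lambda h: h["jitter"])


if __name__ == "__main__":
    for hit in find_periodic_senders(CAPTURE, LOCAL_IP):
        print(hit)
```

The destination it reports is the address to feed to the Ping -a lookup; the irregular 74-byte traffic in the sample is ignored because its gaps vary too much.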

  9. #9
    Danger
    Guest

    Re: suspicious activity

    I think I read about ZA doing this on the CNET site/downloads/user opinions. It was a while ago now so can't be sure, but I seem to remember someone not being too happy that ZA needed to send info home regularly for some reason.

  10. #10
    Susan B
    Guest

    Re: suspicious activity

    We've just had a thread in the last week or so about how ZoneAlarm has some "interesting" "reporting features" built in to it. Can't find the thread now but a search should turn it up.
