Computer Security & Viruses/virus

Advertisement

Expert: - 7/24/2009


Question
zonealaram screenshot
zonealaram screenshot  
QUESTION: i have zone alarm installed,whenever i try to connect 2 internet, this ?ÿÿÿèøC@, tries to connect to internet and when i deny it permission i cannot access any internet site!!!...i have got kaspersky antivirus but i think it is not able to detect any virus activity....i asked brain benosky dis question..he told me 2 run hijackthis..i ran and here is the log file
**********************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:20:08 PM, on 6/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\ZONELABS\minilog.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_13\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_13\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_13\bin\npjpi142_13.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_13\bin\npjpi142_13.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D49899A3-3F67-419C-A794-FC8195FB62FF}: NameServer = 218.248.240.208,218.248.240.135
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: TrueVector Basic Logging Client (minilog) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\minilog.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 3547 bytes

i don't think its of any use....do you any other suggestion....plz help me

ANSWER: I'm not a Hijack this log expert, but I don't really see anything in the log to be concerned about except this one:
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_13\bin\npjpi142_13.dll

This may be a legitimate part of Java but I don't understand why it doe not have a name?

Have you tried to disable ZoneAlarm and then test your internet connection?
You could look on the ZoneAlarm site and see if they have anything about it.
I don't want to mess with your security but if worse comes to worst, you may want to allow that program access and run virus scans to see if they detect anything then.

Let me know how I can help you further.
Keith

---------- FOLLOW-UP ----------

QUESTION: Thank you keith for answering my question, i appreciate that.i did as you said,zone alarm does not have any listing for this file,i did google search for this file but no help.it is simply ruining my privacy,you see so any other suggestion. i will wait for your reply. by the way how was your vacation?

Answer
Try and download, install, and update Spybot Search and Destroy. You can get it for free here: http://www.safer-networking.org/index2.html

After installing it click the button "check for problems" and let it run a scan on your computer. When it is finished it will show the problems in red and you will click the "fix problems" button and see if it will fix your problem.

Let me know how it goes.
Keith

Computer Security & Viruses

All Answers

Answers by Expert:

Ask Experts

Volunteer

Keith Davis

Expertise

Advice on how to avoid viruses and spyware. Suggestions on what software to run to avoid viruses and spyware. Identification of spyware, trojans, or virus infections. Overall system security.

Experience

As a PC tech, removing and identifying many viruses and trojans from customer's PCs.

Education/Credentials
4 classes short of a Networking degree.

©2012 About.com, a part of The New York Times Company. All rights reserved.