General discussion



By Shanghai Sam ·
We are getting a nasty alert with Zone Alarm where a very strange file (applet, program, trojan, etc...) is not only attempting to access the INet, but act as a server as well. We have done everything I can think of to find out what it is and remove it to no avail. We have scanned entire system for viruses and used number of Adaware / startup cop programs. We did find Alexa adware and deleted it. Nothing else was found. This is an NT4 Workstation. *ALL* other programs either attempting access or that already have access ZA is able to identify, but this nasty thing comes up BLANK. Under Product Name and File Name it is just those bunch of weird ASCII characters, no exe. Under Product Verions & Create Date it is blank. File Size is 0. It gives us multiple alerts. We have sent off the portion of the ZA Log file that deals with this to Zone Labs in hopes that they can help us identify what this is. Portion of ZA Log is below:

PE,2002/06/04,21:58:50 -7:00 GMT,??????W@,,N/A
PE,2002/06/04,21:58:50 -7:00 GMT,??????W@,,N/A
PE,2002/06/04,21:58:50 -7:00 GMT,??????W@,,N/A
PE,2002/06/04,21:59:49 -7:00 GMT,??????W@,,N/A
PE,2002/06/04,22:00:05 -7:00 GMT,??????W@,,N/A
PE,2002/06/04,22:01:24 -7:00 GMT,????L?E@,,N/A

It also seems to avoid logging when it is trying to access via our DNS. address. If we prevent the access of this unknown entity, we are unable to access the INet at all. We cannot Ping, FTP, Browse or anything. We have searched for this weird ascii file name we come up empty.

We have even tried examining all services and devices, all "run", "run once", etc entries in the Registry as well as all other know startup areas with no luck. Has anyone ever seen this before?!!

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Related Discussions

Related Forums