Wilders Security Forums  

#1
October 10th, 2004, 03:33 PM
mercurie
A Friendly Creature
Join Date: Nov 2003
Location: Sky over the Wilders Forest
Posts: 2,439
ZAlog FWIN is it Trojan?

Fellow Creatures,
I have a hardware firewall. Zero inbounds until 3 yesterday and one today. Just now my wife was in a non-macro StarOffice spreadsheet, closing it, and got the message "TrueVector is closing, do you want to restart?" She does not know! She says no. (No, honey.) It was not off long because I strolled by. You ZA users know about the BIG X in the icon tray. I did not reboot like it was suggested. I know this can sometimes launch a problem if infected. I restarted ZAP from Program Files. Here is the log, see FWIN:
ZoneAlarm Logging Client v5.1.033.000
Windows XP-5.1.2600-Service Pack 2-SP
type,date,time,source,destination,transport (security)
type,date,time,virus name,file name,mode,e-mail id (antivirus)
type,date,time,source,destination,action,service (IM security)
LOCK,2004/10/09,13:28:26 -4:00 GMT,BOClean 4.11 updater,xxx.xxx.x.x,N/A
LOCK,2004/10/09,13:28:26 -4:00 GMT,BOClean 4.11 updater,xxx.xxx.x.x,N/A
LOCK,2004/10/09,13:28:28 -4:00 GMT,BOClean 4.11 updater,,N/A
FWIN,2004/10/09,13:58:12 -4:00 GMT,xxx.xxx.x.xx:xx,255.255.255.255:67,UDP
FWIN,2004/10/09,14:45:06 -4:00 GMT,xxx.xxx.x.xx:xx,255.255.255.255:67,UDP
FWIN,2004/10/09,17:29:44 -4:00 GMT,xxx.xxx.x.xx:xx,255.255.255.255:67,UDP
PE,2004/10/09,22:27:34 -4:00 GMT,Netscape,127.0.0.1:3835,N/A
PE,2004/10/09,22:52:14 -4:00 GMT,Ad-Aware SE Core application,xxx.xxx.x.x:xx,N/A
PE,2004/10/09,22:52:16 -4:00 GMT,Ad-Aware SE Core application,66.117.38.101:80,N/A
LOCK,2004/10/09,23:32:36 -4:00 GMT,UpdateChecker Module,xxx.xxx.x.x,N/A
LOCK,2004/10/09,23:32:36 -4:00 GMT,UpdateChecker Module,192.168.0.1,N/A
LOCK,2004/10/09,23:32:36 -4:00 GMT,UpdateChecker Module,,N/A
ZA did block the attempts. I did an online scan from TrendMicro (Housecall). I use EZAV and, as you can see, I have BOClean. All clean. Any help would be appreciated.
__________________
PC 1) Acer Aspire X1200, 4GB ram, Dual core AMD Athlon, 64x2 5000, 2.6 GHz, Vista Prem. Norton Internet Security on cable

PC 2) Emachine 1 GB ram, AMD Sempron, 2.1 GHz, XP, Avast Free on DSL.

Last edited by mercurie : October 10th, 2004 at 03:37 PM. Reason: Forgot to add
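
Added example, not part of the original post: a small parser for the log format quoted above, which reads the first column as the event type named in the log's own header row and annotates blocked inbound UDP entries by destination port. The event-type descriptions are the commonly documented ZoneAlarm meanings and are an assumption here; the sample rows are constructed (192.0.2.10 is a documentation address), with one redacted row kept to show that case.

```python
import csv
from collections import Counter

# Assumption: commonly documented meanings of the ZoneAlarm event types
# that appear in the log quoted on this page.
EVENT_TYPES = {
    "FWIN": "inbound packet blocked by the firewall",
    "PE": "program requested network access",
    "LOCK": "program traffic blocked while the Internet Lock was on",
}
LIMITED_BROADCAST = "255.255.255.255"   # never routed off the local segment
KNOWN_UDP_PORTS = {67: "DHCP/BOOTP server", 68: "DHCP/BOOTP client"}

def split_endpoint(value):
    """Split 'host:port'; an empty or redacted ('xx') port becomes None."""
    host, _, port = value.partition(":")
    return host, int(port) if port.isdigit() else None

def parse_line(line):
    """Parse one data row; return None for banner and header rows."""
    row = next(csv.reader([line]), [])
    if len(row) != 6 or row[0] not in EVENT_TYPES:
        return None
    kind, date, time, source, dest, transport = row
    host, port = split_endpoint(dest)
    return {"type": kind, "date": date, "time": time, "source": source,
            "dest_host": host, "dest_port": port, "transport": transport}

def describe(event):
    """One-line triage note for a parsed event."""
    note = EVENT_TYPES[event["type"]]
    if event["type"] == "FWIN" and event["transport"] == "UDP":
        service = KNOWN_UDP_PORTS.get(event["dest_port"])
        if event["dest_host"] == LIMITED_BROADCAST and service:
            note += f"; local broadcast to {service} port"
    return note

# Constructed sample in the same layout as the quoted log.
SAMPLE = """\
type,date,time,source,destination,transport (security)
LOCK,2004/10/09,13:28:28 -4:00 GMT,BOClean 4.11 updater,,N/A
FWIN,2004/10/09,13:58:12 -4:00 GMT,192.0.2.10:68,255.255.255.255:67,UDP
FWIN,2004/10/09,14:45:06 -4:00 GMT,xxx.xxx.x.xx:xx,255.255.255.255:67,UDP
PE,2004/10/09,22:27:34 -4:00 GMT,Netscape,127.0.0.1:3835,N/A
"""

def summarize(text):
    """Return (count per event type, triage note per event)."""
    events = [e for e in map(parse_line, text.splitlines()) if e]
    return Counter(e["type"] for e in events), [describe(e) for e in events]
```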
#2
October 10th, 2004, 04:37 PM
Don Pelotas
Very Frequent Poster
Join Date: Jun 2004
Posts: 2,257
Re: ZAlog FWIN is it Trojan?

Hi Mercurie

Symantec has a trojan called Fwin, that's all I could find. BOClean doesn't seem to have it in their database, although they could very well call it something different. Why not download a trial of Ewido or TDS-3 and use their on-demand scanners?
__________________
Errare humanum est

Last edited by Don Pelotas : October 10th, 2004 at 04:46 PM.
#3
October 11th, 2004, 10:16 AM
mercurie
A Friendly Creature
Join Date: Nov 2003
Location: Sky over the Wilders Forest
Posts: 2,439
Re: ZAlog FWIN is it Trojan?

Well O. K. Don my friend,
At least I know I'm on the right track while waiting for someone to post back. I did exactly what you did and came up with the exact same thing. Except I have not trialed anything yet. Thanks for your reply.
#4
October 11th, 2004, 11:52 AM
Don Pelotas
Very Frequent Poster
Join Date: Jun 2004
Posts: 2,257
Re: ZAlog FWIN is it Trojan?

I'm sorry not to have been more helpful.

I see that you have also posted on Mickey's. That could take some time, and I would personally email BOClean's support; I think you will get a much faster answer that way, as they are known for their speedy email responses.

I think you are ok though, as you have a hardware firewall and have come up clean on subsequent scans.

Regards
#5
October 11th, 2004, 09:09 PM
mercurie
A Friendly Creature
Join Date: Nov 2003
Location: Sky over the Wilders Forest
Posts: 2,439
Re: ZAlog FWIN is it Trojan?

No problem, Don. Words from a fellow member that I am on the right track are helpful. No new ZAlog entry and Windows is stable. If I do not hear very soon, I will send email. I know they are very busy working on BO 5. I intend to continue until I find an answer. Perhaps I will be able to help another member in the future, should it come up on their machine.
Last edited by mercurie : October 11th, 2004 at 09:18 PM. Reason: Additional comment
#6
October 12th, 2004, 09:53 PM
mercurie
A Friendly Creature
Join Date: Nov 2003
Location: Sky over the Wilders Forest
Posts: 2,439
Re: ZAlog FWIN is it Trojan?

Fellow Creatures,
Kevin did post a reply at Mickey's Forum.
#7
October 13th, 2004, 12:11 PM
Don Pelotas
Very Frequent Poster
Join Date: Jun 2004
Posts: 2,257
Re: ZAlog FWIN is it Trojan?

Yes, very thorough and, as always, in an entertaining style!
 

All times are GMT -4.