Port Explorer V1.800 sees ccapp.exe and ZlClient.exe as red entry

Discussion in 'Port Explorer' started by Cyborg, Feb 28, 2004.

Thread Status:
Not open for further replies.
  1. Cyborg

    Cyborg Registered Member

    Dec 8, 2003
    Hi guys,

    I am using the evaluation version of Port Explorer v1.800 for the first time.

    I have 2 red entries which are as per the attachment and one entry in black.

    It would appear from what I read that entries in red are seen as areas that could be hosting TROJANS.

    The first entry states:- 1692 UDP 1036 ZlClient.exe which is ZoneAlarm

    The second entry is 1732 TCP 1027 ccapp.exe which is part of Symantec linked to the scan of E-mails.

    If I turn these off at the startup menu ZoneAlarm does not open and neither does Norton AntiVirus 2003. When I open Norton up Auto Scan Of E-mail is turned off.

    As for why an entry would appear in balck I do not know .

    The bottom entry in black is as follows:-

    3312 UDP 1058 iexlore.exe

    I am not up to much with PC's so I guess I should not be messing with Port Explorer in the first place really, but I would like to know if this is a bug in the programme of if I do have a problem.

    Any of you guys with ZoneAlarm out there. Since the latest version for whatever reason I cannot access their forums. It keeps coming up about cookies not being setup in my browser. They are setup coorrectly and I can access all other sites but not their forums. I have even turned everything off in respect of privacy, deactivated all programmes linkerd to startup and yet still I cannot gain access; I still get the cookie message. Only 2 things I have changed recently are my IP and I also "CLEANED CACHE" for the first time ever not even knowing what this process does o_O. Yes I know I am stupid messing but then if I don't mess I don't learn but when I do mess I screw my PC up; can't win really.

    Hope you tech guys can help me.

    Thank you

    Attached Files:

  2. Jooske

    Jooske Registered Member

    Feb 12, 2002
    Netherlands, EU near the sea
    Hi Cyborg,
    Nothing wrong with those:
    black is normal sockets here.
    The examination (rightclick on the process/sockets) will show you it is a normal legal application on your sustem, the one more hidden then the other, you should have the vsmon.exe as well as part from ZA/ZAPro
    as a hidden file.
    If you click and enable socketspy, look in the packets and you'll see that ZA connets home to see if there are updates or other reasons why it sends on and back two packets and nothing else.
    You can look exactly what it is sending, nice to see.

    Same will be for the other program.
    Next time after your reboot, fire up PE, before you connect to internet and enable spying on the processes already, so you don't miss a single bit from them once you connect to internet and you will be happy with your finds.

    For registered users is another tool available to see already everything from an application before the application itself was even started, sloader.

    Red does mean hidden, it doesn't mean in all cases it is a trojan; now you killed the connections you see the results and that it is not always a trojan connection, but one to pay attention to.

    For the ZAPro sites, did you check under "privacy" and modify the options for their site there? Allowing cookies at least and not blocking the header references, popups and banners, might help. After that close all the browsers and open one again, hoping the new settings are inthere and accepted, you might even have to reboot before it works as intended.
    I'm one with writing frustrated emails to websites too, not even getting error pages but only refreshes and no entrance, even though i accept about everything step by step if necessary, but if we have to lower standard all our security we could do without firewalls, soooooooooo........!!
    Could be the last windows security updates cause this too, which came around the same time as the last fixed ZAPro version.
    But this is no part of Port Explorer, you might get good answers for this part in the special "Firewalls" forum where Firewall specialists will help you as far as possible!
Thread Status:
Not open for further replies.