does zap block gator

Discussion in 'other firewalls' started by Mr.Blaze, Apr 15, 2003.

Thread Status:
Not open for further replies.
  1. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    --- Report generated: 2003-04-15 13:55 ---

    Gator: Global settings (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Gator.com

    Gator: Hidden identity (Registry key, fixed)
    HKEY_CLASSES_ROOT\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}

    Radiate: Global settings (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Radiate

    I installed a new ZAP, maxed out stealth and ad blocking, and the settings were that nothing was allowed to have server access.

    But the firewall kept going off.
    I used Port Explorer to see what it was.
    It said something had connected other than my Juno and normal stuff.

    I did a search with Spybot and I found Gator. I don't know where it came from, but it was there.

    I cleaned it out with Spybot, reconnected to the internet and yup, no more weird connection.

    Here's the thing: does Gator now bypass ZAP?
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    The key question is what program was Gator using to connect out through ZAP? There are pieces of gator that run as dlls within IE, I believe, but, there are also separate programs. (I'm not a spyware expert. :doubt: )

    What was ZAP telling you exactly, what message? What programs do you have listed in the ZAP > Program Control > Programs listing? Any Gator/Gain references? What program did Port Explorer flag as making the connections?

    See this page for a little on Gator and ZAP:

    http://www.alanluber.com/pcfearfactor/officiagatorpage.htm

    ZAP is not meant to stop malware from coming in. It's not scanning the data stream for good and bad content (such as virus or spyware "signatures"). The ZAP Privacy settings allow you on a global, or site by site basis, to allow or block mobile code, cookies and Ads. But, if you allow a site through (so you can run pages off the site with Javascript, Java or ActiveX), then you've allowed whatever they want to do to come into your system, too.

    Once on your system, from there it becomes a test to see if you can see it going outbound... If it was a new program trying to connect outbound, there would have been a ZAP pop-up asking you to approve it. If you did, then that is a problem, of course. ;)

    >> "but fire wall kept going off..."

    It seems like you noticed something. Was it an alert or ZAP pop-up message?
     
  3. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Well, I don't know what it was, but it's totally gone now; Spybot killed it.

    And ZAP didn't flag it as a program trying to connect to the internet.

    Shouldn't it have said something? It was under ZAP's radar, but it looks like not Port Explorer's.

    Oh well, it's gone now, but Zone Alarm should take a look to see if Gator made something nastier that bypasses firewalls.
     
  4. LowWaterMark

    LowWaterMark Administrator

    Well, if it wasn't a separate program, then ZAP's normal program alerts would not have flagged it anyway.

    I'm not sure if you've looked at the Program Control > Main screen yet. There's a slider setting there called Program Control. It's at Medium normally after a fresh install of ZA+/ZAP. They recommend you keep it there until you've used all your normal programs so that it can map all the DLLs that those programs use...

    But, once you slide that to High, from there on, any new DLL (like maybe an IE Gator-related one) will be alerted and you'll have to approve it before it can access out.

    Now, there are literally hundreds of DLLs on a system, so that's why you let it learn (at Medium) before moving the slider to High (unless you want to answer hundreds of permission alerts). It's important to have a clean system while you are at Medium, because all DLLs get allowed as they are used when you are set there.

    Anyway, that's just something for the next time. (You may want to go into the ZAP > Program Control > Components list, and look for any gator/gain references in that long list, as well.)
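
A present-day way to answer the questions asked in the replies above (which process owned the connection, and whether a Gator/GAIN component is loaded inside it), as an added example that is not part of the thread. It assumes Windows 8 / Server 2012 or later and an elevated PowerShell; the name pattern is an assumption built from the names mentioned in the thread and will produce false positives.

```powershell
# Added example, not from the thread.

# 1. Registry traces named in the Spybot report quoted in the first post.
$keys = @(
    'Registry::HKEY_LOCAL_MACHINE\Software\Gator.com',
    'Registry::HKEY_CLASSES_ROOT\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}',
    'Registry::HKEY_LOCAL_MACHINE\Software\Radiate'
)
foreach ($k in $keys) {
    [pscustomobject]@{ Key = $k; Present = Test-Path -LiteralPath $k }
}

# 2. Established TCP connections to non-loopback peers, with the owning PID.
$conns = Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' }

# 3. For each owning process, look for loaded modules whose path or vendor
#    matches the pattern. A DLL hosted inside a browser shows up here under
#    the browser's PID, not as a separate program.
$pattern = 'gator|gain|radiate'   # assumption: name fragments from the thread
foreach ($group in ($conns | Group-Object OwningProcess)) {
    $proc = Get-Process -Id $group.Name -ErrorAction SilentlyContinue
    if (-not $proc) { continue }   # process exited since the snapshot

    $remote = ($group.Group |
        ForEach-Object { "$($_.RemoteAddress):$($_.RemotePort)" } |
        Sort-Object -Unique) -join ', '

    # Protected processes may refuse module enumeration; treat as "none seen".
    try { $modules = $proc.Modules } catch { $modules = @() }
    $hits = $modules | Where-Object {
        $_.FileName -match $pattern -or
        $_.FileVersionInfo.CompanyName -match $pattern
    }

    [pscustomobject]@{
        Process        = $proc.ProcessName
        PID            = $proc.Id
        Remote         = $remote
        SuspectModules = ($hits.FileName -join '; ')
    }
}
```

An empty SuspectModules column only means nothing matched the pattern in that process at that moment; it is not proof the process is clean.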
     
  5. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Oh OK lol, so it really does learn, wow.

    Ummm, looks like I will have to refresh vector, I think, because I still get that problem: when I click More Info, ZAP shuts down. Sniff sniff.
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi MrBlaze,

    In Spybot S&D you can click Recovery and you will see what has been removed. (Don't put it back. ;) )
    Here is some info on the "ugly croc" : http://www.alanluber.com/pcfearfactor/officiagatorpage.htm

    Regards,

    Pieter
     
  7. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    NOPE, THE GATOR I HAD WAS WORSE.

    It was not in startup (msconfig) and didn't show itself as usable software. My security settings are, well, I go to porn sites lol, so you all by now should know that everything is disabled lol.

    And last, it could, I'm pretty sure, connect under Zone Alarm without a prompt.

    I think Port Explorer was the only thing that could see it have an outside connection.

    So when I used Spybot to kill it, I stopped getting that weird connection.

    I personally think it's a new form of Gator.
     