hidden file ! vsconfig.xml ??????

Discussion in 'malware problems & news' started by cyberblob, Apr 15, 2003.

Thread Status:
Not open for further replies.
  1. cyberblob

    cyberblob Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6
    Location:
    Melbourne, Australia
    Hi All
    We have an XML file in my systems dir.
    ...c:\windows\system\vsconfig.xml
    ...now over the last few months I have been deleting this file and it comes back again as is! I can't find where or what program runs this file?

    Just in the last few days this IP number has changed from 147.208.130.167 to 208.185.174.60, but as you can see
    the only way I can control this IP number is via ZoneAlarm or BlackInc...

    I have traced both with not much help as to their whereabouts!


    The vsconfig.xml script

    <?xml version="1.0" ?>
    <securitypolicy version="1">
      <lockupinfo server="208.185.174.60" enable="true" />
      <ruleset name="startupruleset" start="onstartup" stop="afterstartup">
        <firewall />
      </ruleset>
    </securitypolicy>

    So can anyone advise me, please?

    Beers @ cheers Cyber
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
  3. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    Yes, that file is a normal part of Zone Alarm. I have the exact same file (same contents) as you do, and I run Zone Alarm Plus. I believe that file gets updated after you make your first network connection following a restart. And, it is a file related to the site ZA uses when it has to initiate the lockout feature.

    http://lockup.zonelabs.com/8083.html

    It appears that they changed the IP address for the location of the server related to that page. I can only imagine ZA updates the file to stay current with that site (i.e. in case the site moves to a new address).

    It's not any type of malware, so you don't need to be concerned about that.
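
For triaging a policy file like the one in the first post, the following added example (not part of the thread and not ZoneAlarm code) parses it and reports the lockup server so it can be compared with addresses you have attributed to the vendor yourself. The function names and the `expected_servers` set are assumptions of this example.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Policy values from the first post, in the form text takes when copied out
# of a browser's XML tree view, which prefixes collapsible elements with "- ".
POSTED = """<?xml version="1.0" ?>
- <securitypolicy version="1">
<lockupinfo server="208.185.174.60" enable="true" />
- <ruleset name="startupruleset" start="onstartup" stop="afterstartup">
<firewall />
</ruleset>
</securitypolicy>"""


def parse_policy(text):
    """Strip tree-view markers at line starts, then parse the policy."""
    cleaned = re.sub(r"(?m)^[ \t]*[-+][ \t]*(?=<)", "", text.strip())
    return ET.fromstring(cleaned)


def triage(text, expected_servers):
    """Summarise the policy and flag a lockup server outside expected_servers.

    expected_servers is an assumption of this example: addresses the analyst
    has independently attributed to the vendor, e.g. by resolving its host.
    """
    root = parse_policy(text)
    info = root.find("lockupinfo")
    if info is None:
        raise ValueError("no <lockupinfo> element in policy")
    server = info.get("server", "")
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        addr = None  # hostname or malformed value: report it, do not crash
    return {
        "server": server,
        "enabled": info.get("enable") == "true",
        "is_public_ip": bool(addr and addr.is_global),
        "expected": server in expected_servers,
        "rulesets": [(r.get("name"), r.get("start"), r.get("stop"))
                     for r in root.iter("ruleset")],
    }


if __name__ == "__main__":
    print(triage(POSTED, {"147.208.130.167", "208.185.174.60"}))
```

A result with `expected` set to False means the address in the file is not one you have tied to the vendor, which is the case worth following up by checking which process writes the file.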
     