i recently installed ZoneAlarm Pro v7.0.337. on the first hour, i already get 170 intrusions that have been blocked since install. is this normal? wyrozf.exe keep on asking permission to access internet. what is this program? is it safe? thanks
I am not very familiar with ZA, but I wouldn't say that's normal. Unless you are running some server-type application (P2P i.e). What are the exact parameters of intrusions, IP, port? (of course, conceal any private info, like your IP) wyrozf.exe I second this. If the spelling is OK, I'd be concerned. potatochip, do you have an AV installed?
Hello ! If you want less things to get to your computer , consider buying a router with NAT/SPI technologies incorporated . Normal or not , the firewall is doing its job - keeping intruders out of your computer. Who knows? It can be everything . Please , submit the file to a free service caleed VirusTotal (www.virustotal.com) . It will analyse the file with updated popular AV products and will submit the sample to those vendors who find nothing in the file . Thus , all vendors will have a copy of this file and will add if necessary -> your AV detect it
It looks like the Wyr variant, a trojan I think, tries to access the wyr group of sites, I dont know the reason through, some install themselves as a service, some seem to drop loads of copies with random filenames, sorry I don't have any other info apart from that, info seems hard to find, have you tried removing all its files and start up registry keys ? , does it come back ?? I'm sure some one can help you remove this parasite Fluffy
recently, i got a Sasser worm (lsass.exe error) and i did removed it. the reason i got it is because i did not have firewall (yes, stupid me). but i do have AV (NOD32). im not sure what happened, but wyrozf.exe does not exist anymore. say if wyrozf.exe (or other random name file) tried to access internet again, i will let u know about the details (the exact parameter, IP and port) btw, the "intrusions" are still happening (currently 6220 since install, which is yesterday). yes i use P2P (uTorrent) but even if i close the uTorrent, the intrusions are still happening.
That happens when the tracker does not update. When you stop seeding files, the tracker doesnt ubdate straight away, so you still get lots of people trying to connect to you. It can go on for a couple of days before it stops. Nothing to worry about, just an irritation if anything.
As The_Duality already pointed out, that's quite normal, this is how filesharing works. The 'intrusions' should not be there when utorrent is running (connections are accepted), only when it's closed. This is due to your forwarded torrent port, which remains open. Your firewall blocks the connection attempts as there is no active destination (utorrent is closed) for them. If you have a dynamic IP, you could try changing it, the 'intrusions' will stop...
