z.exe, cookies, dll files, ZoneAlarm prompts, porn diallers, ...

Discussion in 'other security issues & news' started by username, May 31, 2004.

Thread Status:
Not open for further replies.
  1. username

    username Registered Member

    Joined:
    May 31, 2004
    Posts:
    27
    Hi.

    I ran AutostartupExplorer and saw a file called z.exe. What is this file? I Googled and found many hits for things having to do with trojans with suffixes of .z.exe, etc. I deleted it, but wonder whether there might be related files that I need to be aware of.

    Also: What cookies, if any, should I be concerned with (i.e., not permit)?

    What .dll files?

    What other files (that ZoneAlarm prompts me re: their being installed or contacting the internet, etc.) should I not permit?

    Finally, I understand that "porn diallers" can be installed unbeknownst to me and can then dial long distance, premium rate "porn" numbers, also unbeknownst. Is this true? How can I prevent this (or other "diallers" that might do similarly malicious things)?

    While trying to be secure, we get inundated with messages re: ActiveX, real*, dll, cookies, etc., so it'd be nice to know what to "allow" and what to "deny".

    Thanks.
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,878
    Location:
    New England
    Well, it's hard to say what z.exe was, especially now that it is gone. Since you used a startup key viewer to find it, can you tell us more about what it showed? Where was z.exe being called from - what startup location? Also, where was the file located? (These probably won't help too much, since the best way to find these things out is to send files in for analysis rather than deleting them right away, but it might be worth discussing anyway.)

    The important thing regarding making sure you don't get infected (have browser hijacks, unwanted dll's downloading, malware installing without you knowing - including dialers) is to make your security settings tighter and install and properly use some good security tools.

    Start by reading this: Why did I get infected in the first place?

    A key point regarding Zone Alarm alerts is that you need to get used to what is normal on your system and then watch for odd or different things happening. For example, if you are not in the process of installing something but are perhaps visiting a website and suddenly Zone Alarm says some new component is trying to access the Internet, chances are you want to block that. You see, after running a while Zone Alarm has already figured out and alerted you to most programs on your system that need to contact the Internet. Changes or additions to these few programs are often a sign that something bad might be happening.

    If you can provide some specific examples, we can talk through them. But first, try to go through that thread noted above and tighten your PC security first.
     
  3. username

    username Registered Member

    Joined:
    May 31, 2004
    Posts:
    27
    z.exe was in "startup folders" under both "users" and "global". I'm obviously new to the security forum gig, so didn't realize before today that it was as easy as sending the file in question on in to you. Of course, the properties of the file were not terribly telling, except that it was a relatively new file (something like April 27th) when I saw no reason for a newer file to be there as of April 27th-ish.

    Yes, I suppose I'll become accustomed to the various dll's, etc. that I can ignore. I just thought there might be some more general rules of thumb to abide by in terms of when to allow new Real*, ActiveX, .dll, etc. exchanges and updates (other than "if you're on familiar ground, don't worry as much, otherwise worry."). I appreciate your comment.

    Anyhow, thanks! Maybe if you search for "z.exe" on google or elsewhere you will have better luck at pinning down precisely what this file was. If so, let me know. Also, any insight re: "porn diallers" and other diallers (e.g., how they're contracted, whether they could be "under the radar", and how I can prevent them from being contracted)?

    When I see things like "major" outgoing threats listed in the sygate security logs, e.g., it seems pretty alarming considering such things as "diallers" or other.

    Thanks again!
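
Added example, not written by either poster: one way to apply the "know what is normal, then watch for changes" advice to the startup folders discussed in this thread. It hashes each file in a set of folders, then reports anything new, changed or removed since the baseline. The folder names and file contents in `demo()` are constructed stand-ins in a temporary directory, and the script only reports, so a flagged file is still there to send in for analysis.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(folders):
    """Return {path: sha256} for every file directly inside the given folders."""
    state = {}
    for folder in folders:
        folder = Path(folder)
        if not folder.is_dir():
            continue  # a missing startup folder is not an error
        for entry in sorted(folder.iterdir()):
            if entry.is_file():
                state[str(entry)] = hashlib.sha256(entry.read_bytes()).hexdigest()
    return state


def compare(baseline, current):
    """List (kind, path) differences between two snapshots, sorted."""
    findings = []
    for path, digest in current.items():
        if path not in baseline:
            findings.append(("new", path))
        elif baseline[path] != digest:
            findings.append(("changed", path))
    findings += [("removed", p) for p in baseline if p not in current]
    return sorted(findings)


def demo():
    """Constructed data: two stand-in startup folders in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        user, glob = Path(tmp, "user_startup"), Path(tmp, "global_startup")
        user.mkdir()
        glob.mkdir()
        (user / "known_tool.lnk").write_bytes(b"constructed shortcut")
        baseline = snapshot([user, glob])
        # Later: an unexpected file appears in both folders, one file changes.
        (user / "z.exe").write_bytes(b"constructed placeholder bytes")
        (glob / "z.exe").write_bytes(b"constructed placeholder bytes")
        (user / "known_tool.lnk").write_bytes(b"constructed shortcut v2")
        found = compare(baseline, snapshot([user, glob]))
        return [(kind, f"{Path(p).parent.name}/{Path(p).name}") for kind, p in found]


if __name__ == "__main__":
    for kind, item in demo():
        print(kind, item)
```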
     