Zone Alarm Blocking ???

Hello Stem:

Good we can use your help here on Fatawan's ET thread puzzle!

On smb, here is mine posted only as a model in case it helps you tell us how to view/edit/delete enteries. For my own part I have always questioned these duplicates, but what would and ET look like in this folder? In mine the red is PC Tools spam monitor db. I hope I don't have ET's evil twin in here.

SMBINST.EXE System Management BIOS Driver Installer C:\I386

SMBINST.EXE System Management BIOS Driver Installer C:\WINDOWS\SYSTEM32

smbinst.exe System Management BIOS Driver Installe C:\WINDOWS\SYSTEM32\DLLCACHE

SmBayes.db C:\Documents and Settings\xxxx\Application Data\Spam Monitor

SmBayes.db C:\Documents and Settings\NetworkService\Application Data\Spam Monitor

SMB6W.DL_ C:\I386
MRXSMB.SYS C:\I386
MSSMBIOS.SYS C:\I386
mrxsmb.sys C:\WINDOWS\Driver Cache\I386
mrxsmb.sys C:\WINDOWS\SYSTEM32\DLLCACHE
mssmbios.sys C:\WINDOWS\SYSTEM32\DLLCACHE
mrxsmb.sys C:\WINDOWS\SYSTEM32\DRIVERS
MSSMBIOS.SYS C:\WINDOWS\SYSTEM32\DRIVERS
mrxsmb.sys C:\WINDOWS\$hf_mig$\KB885250\SP2QFE
mrxsmb.sys C:\WINDOWS\$hf_mig$\KB885835\SP2QFE
mrxsmb.sys C:\WINDOWS\$hf_mig$\KB914389\SP2QFE

 

Hi again:

I know that your ZA is not allowing this phone home to succeed. That is good.

I was asking if their log (when the attempt was made) could be made to include the exe and path where the program being blocked lives? Maybe this is more a question for ZA!

 

Probably Stem refers to the smb settings we have already reviewed initially (TCP/IP panel).

See this tutorial on how to get there:
http://csg.trinhall.cam.ac.uk/tips/smb/winxp

Of course the tutorial is targeted to a university campus so don't take those IP numbers into your systems but check around for entries that should not be there. However if it was a TCP issues, it should have also happened when you started with ZA and XP standard services.

And I doubt its an issue with registry cleaners...

Cheers,
Fax

 

With everything back as it was in the start-up menu, there was once again NO phone home! Wooohooo!

If that changes, I will be back here to update you all.

Perhaps it was something leftover that jv16 cleared out yesterday. Whatever it was, it has stopped, and for that, I thank you all very much.

 

Great!
Keep watching ...

Cheers,
Fax

 

Okay, that is good news for sure.

You so many scans and cleans anyone of them could have done ET in!

My only regret is not knowing exactly what the id was of the executable.

But that is just academic now.


PS I'm looking at Stem's hint on those folders to see what I can clean out my self. In this security quest less is better!

See you!