ZoneAlarm and internat.exe

Discussion in 'other firewalls' started by oma53, Jan 19, 2014.

Thread Status:
Not open for further replies.
  1. oma53

    oma53 Registered Member

    Joined:
    Mar 10, 2008
    Posts:
    87
    Hello,
    Could someone that has ZoneAlarm firewall please check their OS firewall log and tell me if you have the following:

    internat.exe (OS Firewall)

    First, I have to admit I do not know what I am doing as far as tracking this problem down, so I hope this does not sound stupid.

    The ZA log shows that this is a host process for Windows Task that is deleting a value in the registry. My worry is that, according to all the threads on Google, internat.exe is not supposed to run on Win 7.
    Also, I cannot find this file on my system anywhere.
    This is a legal file for Vista and below. There are a lot of threads concerning this file on the web, but these are mostly hijackthis logs or the virus/trojan by the same name.

    Since I found this in my logs 5 days ago, I have done the following:
    Spent approx 3-4 hours a day googling anything related to this file.
    Spoke with 3 local computer shops.
    Formatted and installed windows again.
    Ran the following security:
    (Win 7 Pro, current updates applied)
    Microsoft Security Essentials
    MalwareBytes (free)
    MBAR
    HitmanPro (paid but ran on demand)
    Kaspersky TDSSKiller
    AVG Rescue CD
    Avira Rescue CD
    Kaspersky Rescue CD
    All have come up clean.

    Concerning the format of the system, I briefly did the following:
    After formatting the HD and replacing the MBR, I installed Windows.
    I then updated the system with all the security patches.
    I downloaded ZA and installed it and rebooted the system.
    The log showed the above entry.
    I know this should show the file is the legit Windows file, but through all my research, I cannot find any instance of this file running on a Win 7 system.

    Any suggestions or guidance in this matter would be greatly appreciated.

    I tried to post this on the ZA forum, but I have been unable to so far, also I may be offline for approx a day so it may take a while for me to respond to any questions.

    Thank you.
     
  2. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,272
  3. oma53

    oma53 Registered Member

    Joined:
    Mar 10, 2008
    Posts:
    87
    Thank you for the reply.
    I had seen this earlier. This is one of the threads concerning the possibility that this is a virus/trojan that I stated earlier.

    The exact note in the ZA log just states that the operation was allowed. There is no trace of the file in the registry or on my system. I have even loaded a Linux disk and looked around to find the file. Again, even in Linux, I cannot find this file anywhere or any indication in the registry.

    This appears to be the very first file loaded when the system starts up.

    Again, thanks for taking the time to reply.
     
  4. oma53

    oma53 Registered Member

    Joined:
    Mar 10, 2008
    Posts:
    87
    OK...this is driving me crazy.
    I have confirmed that the legal internat.exe does not run on Win 7.

    This should clearly indicate that this is a virus/trojan.

    But again, I have formatted the HD, rewritten the MBR, and then the only disk I used in the computer was the operating system. So how could this be infected again?

    Is it possible the modem/router is compromised?
    Or could this be some other software with a similar name?
    Again, anyone else with ZA have this entry in the logs?

    I have worked on this for so long, and I really don’t know the best way to track down these problems, and I am about ready to throw this system out the window. So if anyone has any suggestions, please let me know what you think.

    Thank you.

    (I finally managed to post on the ZA forum, but I see they don’t have a lot of traffic in the area I posted so I am counting on someone in this forum to steer me in the right direction for now.)
     
  5. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    7,267
    Location:
    England
    More info on this here

    http://teamapproach.ca/trouble/DefaultProcesses.htm

     
  6. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    1,091
    Location:
    Hollow Earth - Telos
    It might help to do a Reg Scan with CCleaner and then look under Startup and the other tabs to see what else is going on.
     
  7. oma53

    oma53 Registered Member

    Joined:
    Mar 10, 2008
    Posts:
    87
    I found the problem.

    If you go to APPLICATION CONTROL SETTING, then OS Firewall, the five settings that are there normally have what appears as two short dashes (USE PROGRAM SETTINGS) in front of them. These now have a question mark (ASK) for all five. If I change the fourth one down, “Change which programs load at start-up”, from a question mark to the dashes, and reboot the system, the message does not show up in the log. If I change it back to the question mark and restart the system, the message reappears in the log file.

    My normal procedure is to leave the default settings and only change the application control settings from auto to manual after a few days and also change the outbound protection to max.

    I do not remember changing the OSFirewall setting, especially twice, but I have to assume this was my fault. I am sorry for any inconvenience this may have caused anyone.
     