zone alarm blocked file

Discussion in 'Computer Support' started by Alfred, Aug 31, 2007.

  1. Alfred

    Alfred Guest

    Just turned on this morning and ZA blocked a file called
    spbaeamjvs.exe. Anyone had this? A file search doesn't fetch anything
    up yet za log shows it has been blocked previously. Previous blocks
    probably when my kids were using it
     
    Alfred, Aug 31, 2007
    #1
    1. Advertising

  2. Alfred

    Alfred Guest

    On Fri, 31 Aug 2007 09:27:09 +0100, Alfred <>
    wrote:

    >
    >Just turned on this morning and ZA blocked a file called
    >spbaeamjvs.exe. Anyone had this? A file search doesn't fetch anything
    >up yet za log shows it has been blocked previously. Previous blocks
    >probably when my kids were using it


    And to follow up.
    Adaware found it.
    Avsystemcare.com

    turds of the world!
    I hope they rot
     
    Alfred, Aug 31, 2007
    #2
    1. Advertising

  3. Alfred <> wrote in
    news::
    >
    > Just turned on this morning and ZA blocked a file called
    > spbaeamjvs.exe. Anyone had this? A file search doesn't fetch anything
    > up yet za log shows it has been blocked previously. Previous blocks
    > probably when my kids were using it



    Whilst you're an in Admin account, if applicable:

    Make sure you're showing hidden files and folders first, in your Folder
    Options' View tab | Advanced settings window. Also insure that you're not
    hiding common file extensions (about 2 lines down, IIRC, YMMV). Emphasized
    and then emphasized again for emphasis' sake, and should not be
    overemphasized for most folks, *temporarily* uncheck hide protected system
    files - and make a note-2-self to *rehide* ASAP afterwards...

    You may have to reboot, but if once you've OK'ed any changes, you show any
    hidden files or system files, you should be ready to proceed...

    [If you have one of those Department of Homeland Security terrorist threat
    alert charts pinned to your refrigerator with little naked girl magnets, (not
    provided by the US Government with the kit - I mean they are so cheap, they
    don't even provide a thumbtack...) you might want to move the level to red,
    just in case you're keeping track...]

    Now, in your Search for files and folders tools, you likely want to select
    only your (C:) drive, make sure the other advanced options are not
    restrictive of your search routine, and under the "More advanced options"
    button, make sure you have ticked system folders and hidden items, and untick
    any more restrictive options such as case-sensitive, etc.

    Now, run your search with the all or part field, and leave off the extension,
    then add the extension, etc.

    Presuming from here that you've run complete malware scans and come up clean?
    Likely affirmative to that... Sounds like it's in one of your temp folders,
    hidden or protected. Could be as simple as your ISP using some ID or cert
    process for you to sign on, then the file deletes once you're out on the
    net... Can't rule out a rootkit from info provided. All props to ZA for
    heroism in these perilous times! Revealing which OS and ZA version might
    assist someone with more expertise in computer security issues. Also,
    whether the ZA log shows the block under the "Firewall" or the "Program"
    alert type, and TCP-IP or UDP protocol, could be relevant and/or helpful.
    There's a source IP and a destination IP which could also provide some leads
    if there's a culprit involved hereto.

    Good luck.

    --

    "Be careful about reading health books.
    You may die of a misprint." -- Mark Twain (1835-1910)


    (O
    |__ BECAUSE OF THE RETARDS NORMAL PEOPLE
    .-|___ CAN NEVER PARK BY THE FRONT AGAIN
    ( ) \_
    `--'
     
    Bucky Breeder, Aug 31, 2007
    #3
  4. Alfred

    Alfred Guest

    On 31 Aug 2007 15:04:31 GMT, Bucky Breeder
    <> wrote:

    >Alfred <> wrote in
    >news::
    >>
    >> Just turned on this morning and ZA blocked a file called
    >> spbaeamjvs.exe. Anyone had this? A file search doesn't fetch anything
    >> up yet za log shows it has been blocked previously. Previous blocks
    >> probably when my kids were using it

    >
    >
    >Whilst you're an in Admin account, if applicable:


    I used Adaware and thought it had gone. Came back after a reboot.
    Restarted in safe mode and cleaned it in that. Didn't find anything
    using spybot or adaware.
    Started looking in program files and windows system files.
    Found it in the system32 folder. 5 files all with the name of
    SPAEAMJVS. Isolated them and rebooted. After an hour there is no sign
    of anything wrong

    Zone alarm had it connecting to Liutilities.com who seem to masquerade
    as a windows fault fixing company. It was also popping my browser into
    Avsystemcare which I assume is their more public face


    This is the first time I've had one of these. Had a couple at work a
    few years ago but never on a home PC.

    Time to shout rude words at offspring about safeinternet.
     
    Alfred, Aug 31, 2007
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. John
    Replies:
    0
    Views:
    2,239
  2. D@annyBoy

    Zone Alarm

    D@annyBoy, Oct 22, 2004, in forum: Wireless Networking
    Replies:
    4
    Views:
    860
    Adam Membrey
    Oct 22, 2004
  3. =?Utf-8?B?TWFkRG9n?=

    Zone Alarm Firewall Attacks

    =?Utf-8?B?TWFkRG9n?=, Oct 12, 2005, in forum: Wireless Networking
    Replies:
    4
    Views:
    8,233
    N. Miller
    Oct 13, 2005
  4. Patch

    Audible alarm in Zone Alarm?

    Patch, Aug 18, 2003, in forum: Computer Support
    Replies:
    4
    Views:
    1,179
    Patch
    Aug 18, 2003
  5. Jones

    Zone Alarm or Zone Alarm Pro?

    Jones, Feb 19, 2004, in forum: Computer Information
    Replies:
    5
    Views:
    630
    Phil Marshall
    Feb 20, 2004
Loading...

Share This Page