Jump to content


vsmon.exe without zone alarm

  • Please log in to reply
2 replies to this topic

#1 Koenie



  • New Member
  • Pip
  • 2 posts

Posted 27 June 2004 - 11:59 AM


After logging in on my WinXP system, there is a lot of network activity. The 'act' LED of the laptop flashes continuously. I did some experimenting, and killing the program 'vsmon.exe' stops all network activity. It seems that this file is associated with Zone Alarm, but I don't have Zone Alarm installed. In fact, I cannot find vsmon.exe on my harddisk at all. So, I'm quite confused to what this is.

I ran AdAware and SpyBot, fixed all stuff and ran hijack. This is the output of the logfile:

Logfile of HijackThis v1.97.7
Scan saved at 18:42:20, on 27-6-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\OpenOffice.org1.1.2\program\soffice.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\S1QFOPQV\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Alarm] vsmon.exe
O4 - HKLM\..\RunServices: [Zone Alarm] vsmon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Zone Alarm] vsmon.exe
O4 - Startup: OpenOffice.org 1.1.2.lnk = C:\Program Files\OpenOffice.org1.1.2\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8158.5636226852
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CEF248C-89FE-4952-ABE9-A443D5C94A40}: NameServer =

Some information: is my router, I did install Sun Java, MS Office 2000, OpenOffice.org 1.1.2, Avast and the Acrobat Reader and I set the default page to google.

If anyone can help me, please let me know!



#2 wawadave


    Advanced Member

  • Full Member
  • PipPipPip
  • 126 posts

Posted 27 June 2004 - 07:26 PM

what fire wall are you useing? the fire wall that comes with windows update cd is built on zonealarm. there might be others. in which case you are useing vison. your hijack this log show zonealarm instald.

i might be wroung on this. not heard of a trojin that uses vismon.
Putting quotes around posts does not protect you from copy right infringement.</b>
<img src="http://img54.photobu...r_wawadave.gif" border="0" alt="IPB Image" />

#3 Koenie



  • New Member
  • Pip
  • 2 posts

Posted 28 June 2004 - 02:46 AM

I am using no firewall on this PC. That is, I have disabled the firewall in the LAN settings.
This is the only Windows system that is connected to my local network. The network itself has a firewall (Linux running on a Sun).

The reason I am worried about the vsmon.exe process is that I cannot remove it (I can kill it, but it returns after a reboot, even if I delete the entries in the registry) and that I cannot find the executable.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of

Support SpywareInfo Forum - click the button
PayPal - The safer, easier way to pay online!