• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Koenie

vsmon.exe without zone alarm

3 posts in this topic

Hi,

 

After logging in on my WinXP system, there is a lot of network activity. The 'act' LED of the laptop flashes continuously. I did some experimenting, and killing the program 'vsmon.exe' stops all network activity. It seems that this file is associated with Zone Alarm, but I don't have Zone Alarm installed. In fact, I cannot find vsmon.exe on my harddisk at all. So, I'm quite confused to what this is.

 

I ran AdAware and SpyBot, fixed all stuff and ran hijack. This is the output of the logfile:

 

Logfile of HijackThis v1.97.7

Scan saved at 18:42:20, on 27-6-2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\vsmon.exe

C:\Program Files\OpenOffice.org1.1.2\program\soffice.exe

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\S1QFOPQV\HijackThis[1].exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [Zone Alarm] vsmon.exe

O4 - HKLM\..\RunServices: [Zone Alarm] vsmon.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [Zone Alarm] vsmon.exe

O4 - Startup: OpenOffice.org 1.1.2.lnk = C:\Program Files\OpenOffice.org1.1.2\program\quickstart.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8158.5636226852

O17 - HKLM\System\CCS\Services\Tcpip\..\{2CEF248C-89FE-4952-ABE9-A443D5C94A40}: NameServer = 192.168.1.4

 

Some information: 192.168.1.4 is my router, I did install Sun Java, MS Office 2000, OpenOffice.org 1.1.2, Avast and the Acrobat Reader and I set the default page to google.

 

If anyone can help me, please let me know!

 

Thanks!

 

Koen

Share this post


Link to post
Share on other sites

what fire wall are you useing? the fire wall that comes with windows update cd is built on zonealarm. there might be others. in which case you are useing vison. your hijack this log show zonealarm instald.

 

i might be wroung on this. not heard of a trojin that uses vismon.

Share this post


Link to post
Share on other sites

I am using no firewall on this PC. That is, I have disabled the firewall in the LAN settings.

This is the only Windows system that is connected to my local network. The network itself has a firewall (Linux running on a Sun).

 

The reason I am worried about the vsmon.exe process is that I cannot remove it (I can kill it, but it returns after a reboot, even if I delete the entries in the registry) and that I cannot find the executable.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0