ZoneAlarm problem
I am currently assisting a client in resolving a single issue relating to ZoneLab's ZoneAlarm® “personal” version, zlsSetup_55_094_000.exe, the latest version of the freeware, which was downloaded directly from the vendor's site.
The binary failed to install following two unsuccessful attempts on a MS Windows XP SP 2 machine; however, it did leave a number of vs* and vs.* files in the ./windows/system32/zonelabs and ./windows/system32 folder(s), which I removed. Unfortunately, at the MMC services console, I have a service (currently in disabled mode) named Truevector Internet Monitor (whose executable, vsmon.exe, I have since removed), a service which I believe is part of the original borked install(s).
As a clean installation (or otherwise, it would seem) is not an option at this point, could someone here direct me to ANY documentation, HOWTOs or previous user experiences on how to permanently remove this service from the system? Perhaps there is a registry hack available?
An interesting sidebar to this issue worth mentioning following the second failed installation was that TDS3, a rather comprehensive and well-respected Trojan hunter, successfully deleted 2 stream(s) from ./windows/system32/zonelabs/vsmon.exe. Moreover, it hinted at the possible presence of Ddos.RAT.rBot residing in File: ./windows/System32/systeminfo.exe following a file trace scan.
Following some research, I concluded that the latter was, according to several forum posts, possibly a “false positive” associated with an “overzealous” configuration of the TDS3 scan engine; nonetheless, I deleted the streams and the systeminfo.exe file with no apparent negative implications on the system.