Zone Alarm: is there a way to know...

... what is leaving the computer when all the outbound (red bars) are flashing, all the time?

At this point, I know I have no virus, trojan, spyware etc. I have also turned off Automatic Updates in Windows XP (Home Edition), but as soon as I log on, the outgoing zone alarm bars start up... so I'm at a loss, and concerned.

Is there a simple way to find out?

Thanks in advance! I hope this made sense...


Reply to
Michael O'Donnell
Loading thread data ...


formatting link

formatting link

You can use the tools in the link above like Active Ports, Process Explorer and the other tools being mentioned and go look for yourself.

Yes and ZA and other personal FW(s) can and do get beaten.

Duane :)

Reply to
Duane Arnold

Click on the ZA icon and look see what applications are running, thats a good start.

-- Jim Watt

formatting link

Reply to
Jim Watt

Well, you could try looking at the raw traffic...

formatting link

Reply to

You could have no viruses/worms/Trojans/spyware, and still have lots of outbound traffic when you log on. Depends on what you've got installed.

E.g. if you have Yahoo Messenger installed, you will have lots of outbound traffic associated with the Bonjour Service installed with it. Windows Messenger will also quickly kick off outbound traffic.

Anti-virus programs will also quickly kick off outbound traffic. At a minimum, you will have outbound traffic with Generic Host Process for Win32.

To get specific answers for your PC, click on the Programs tab, and put question marks on all internet access for all programs, instructing Zone Alarm to ask your permission each and every time a program wants outbound access.

Michael O'D> ... what is leaving the computer when all the outbound (red bars) are

Reply to

As already mentioned in the thread, you could have a look at the traffic using a sniffer, ethereal nearly being a standard today.

This examination will give you a lot of information even if the data uses a home made protocol and/or encryption, such as volume, used layers, *destination*, etc.

Doing whois queries on the destination addresses can help a lot.

Kind regards Ludovic Joly

Reply to

Try to install NetLimiter 2 Monitor (freeware).

formatting link
It will list all processes connected to internet together with destination IP and port used for communication. It will also log ammount of data transfer. You will easy see what is going on.

You can also use netstat command in command prompt (Windows console) to see active connections.

Reply to
alf Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.