Zone Alarm Weirdness

Recently my computer would lose all outgoing internet access on ONLY port 80 exactly 10min after rebooting.

After doing a full virus scan which was clean I plugged it into a linux firewall and sniffed all outgoing traffic to see if anything was going out.

It had outgoing traffic to 209.87.208.60:8083 which reverses to lockup.zonelabs.com.

Reading the page at

(which has a stuffed up mime type cause it displays the raw html code) and finding the instructions at seems to have fixed it.

Zone Alarm seemed to think it was broken and so was blocking all outgoing traffic after 10 min

The only thing is, I have NEVER EVER installed ZoneAlarm on this machine. It is behind a hardware firewall. I have installed NO firewall products. I managed to get this working by being fairly IT savy and having a proxy server I could use to browse the net, hence bypassing the port 80 restriction but how on earth could Zone Alarm have got onto my machine? The only thing I have installed recently is the Win32 version of Apache/PHP.

Has anyone seen this before?

cheers

Mark

Mark,

I too just had this happen to me. Most of my HTTP requests were being sent to 209.87.208.60:8083. Oddly enough I had a few that were not such as my brokerage accounts (which BTW will have new passwords in a few minutes). Googling for the IP above I found this very thread as well as this other thread with useful info:

'SWI Forums > Hijack; sp.html; Spybot affected'

I'm working on following the steps in that thread right now. I had ZoneAlarm on this laptop before dropping it during a maintenance window. That killed my HD. So no I can honestly say that I've never had ZoneAlarm installed on this hard drive. The link above eludes to a toolbar. I'm wondering if it's something more sinister. I had to sit on the public Internet yesterday afternoon with no FW. I wonder if that did it. I am fully patched but what does that mean nowadays.

J