ZoneAlarm...
Moderator: Moderators
-
- The Creator Himself
- Posts: 296
- Joined: 2003-01-02 17:15
ZoneAlarm...
Anyone knows of a good way of detecting this one (code please, I really don't feel like polluting my computer with it...)? I'm thinking about putting up a big fat warning to get rid of (i suspect) 90% of the "corrupted file" problems...
A quick search through the "infected" Windows 2000 system reveals these files:
winnt\system32: vsdata.dll, vsdatant.dll, vsmonapi.dll, vspubapi.dll, vsutil.dll
winnt\system32\zonelabs\html.tdr, ssleay32.dll, vsdb.dll, vsmon.exe, vsruledb.dll
All of these files are signed with ZoneLabs certificate...
Also, vsmon.exe is running while ZoneAlarm is loaded (remember that it's enough that ZA is installed to corrupt downloads, it doesn't need to be running).
winnt\system32: vsdata.dll, vsdatant.dll, vsmonapi.dll, vspubapi.dll, vsutil.dll
winnt\system32\zonelabs\html.tdr, ssleay32.dll, vsdb.dll, vsmon.exe, vsruledb.dll
All of these files are signed with ZoneLabs certificate...
Also, vsmon.exe is running while ZoneAlarm is loaded (remember that it's enough that ZA is installed to corrupt downloads, it doesn't need to be running).
-
- DC++ Contributor
- Posts: 3212
- Joined: 2003-01-07 21:46
- Location: .pa.us
souce: http://www.unixwiz.net/backstealth/
It looks like you can look for a window with a class of NULL and a window title of "ZoneAlarm" or "ZoneAlarm Pro." After quite a bit of googling, this is the "cleanest" way I could find to do it.
It looks like you can look for a window with a class of NULL and a window title of "ZoneAlarm" or "ZoneAlarm Pro." After quite a bit of googling, this is the "cleanest" way I could find to do it.
-
- DC++ Contributor
- Posts: 3212
- Joined: 2003-01-07 21:46
- Location: .pa.us
In fact, this code should pretty much do it. It's not DC++ style friendly - it hardcodes a string instead of putting it in the ResourceManager.
I put it in after the version check. The error message is also crude. And I haven't tested it against an install of ZoneAlarm. And I'm not sure if we have problems with both ZoneAlarm and the ZoneAlarm Pro product.
Code: Select all
#ifdef WIN32
// ZoneAlarm?
if (FindWindow(NULL, "ZoneAlarm") || FindWindow(NULL, "ZoneAlarm Pro")) {
MessageBox("ZoneAlarm has been detected on your computer. It is frequently responsible for corrupted downloads and is the cause of many \"rollback inconsistency\" errors. Please uninstall it and use an alternate product. DC++ will bug you about this every time you start the program. Tough noogies.", APPNAME " " VERSIONSTRING, MB_OK | MB_ICONERROR);
}
#endif
-
- Posts: 147
- Joined: 2003-01-04 02:20
- Location: Canada http://hub-link.sf.net
- Contact:
I know ZA has been the scapegoat for corrupted downloads for some time and I know that people who un-installed ZA were able to solve their issues but.....
I have been running ZA on one of my machines with DC++ for over a year and I don't have rollback issues. Several users on my hub also run ZA without issue.
Has anyone taken the time to dig deeper and figure out the real cause? It is obviously more complicated then "ZA causes rollback errors"
HaArD
I have been running ZA on one of my machines with DC++ for over a year and I don't have rollback issues. Several users on my hub also run ZA without issue.
Has anyone taken the time to dig deeper and figure out the real cause? It is obviously more complicated then "ZA causes rollback errors"
HaArD
-
- DC++ Contributor
- Posts: 3212
- Joined: 2003-01-07 21:46
- Location: .pa.us
I, for one, haven't. I just recalled Arne's call for code, and I felt that after reading about another user whose rollback problems were solved by uninstalling ZoneAlarm, code could be contributed to DC++ to at least warn users about the problem.
Of course it's a bandaid over the real problem of what sequence of events or versions cause the problems between DC++ and ZA. But if nobody (I know I'm not) is looking into the root cause, a bandaid is better than nothing.
Of course it's a bandaid over the real problem of what sequence of events or versions cause the problems between DC++ and ZA. But if nobody (I know I'm not) is looking into the root cause, a bandaid is better than nothing.
-
- The Creator Himself
- Posts: 296
- Joined: 2003-01-02 17:15
-
- DC++ Contributor
- Posts: 3212
- Joined: 2003-01-07 21:46
- Location: .pa.us
I've done some googling about getting version numbers from EXEs. I'll use my sacrificial Win98 drive on my laptop and mutilate it with ZoneAlarm to see if I can get something to detect certain ZA versions.arnetheduck wrote:So it boils down to a version check...gargoyle? =)
Then comes the "fun" part of actually figuring out what versions are giving people problems.