Vampirefo
Premium,MVM
join:2000-12-11
Huntington, WV
 ·Comcast
|  Very odd site Claims they can disable ZA
I don't use ZA, and I don't know anything about this site, Please read and let me know what you guy's think.Again I don't know Jake about this site so, read with caution, You can read it with no problems, but don't click the link at the site, that link has some kind of code, that is suppose to disable ZA.
I posted it here, because their are a lot of ZA user here, and many experienced pc users, here, That can determine if this is real, or a fake. If this is real, it needs to be reported to ZA, ASAP, if a fake, then disregard.
»www.angelfire.com/on3/vxdoin2/ZAHack.html
--
Companies would rather lose you as a customer than fix the problem
Vampirefo
Joke Page
|
|
R2
R Not
Premium,MVM
join:2000-09-18
Long Beach, CA
clubs:
| I tried it -- yes, I know -- but this is my work computer!
It did NOT shut down my Zone Alarm. The zap.exe file was "Copyright (C) 1996-1999 Laszlo Molnar & Markus Oberhumer" -- so perhaps this does not work on newer version of ZA???
I thought this section was a little strange:
KERNEL32.DLL
ADVAPI32.DLL
GDI32.DLL
OLEAUT.DLL
USER32.DLL
WSOCK32.DLL
Why are those files mentioned in this .exe file? |
|
Vampirefo
Premium,MVM
join:2000-12-11
Huntington, WV
·Comcast
| I just tried it and it did shutdown ZAP, I got it from a friend just now, I had to try it, It killed the version 1.0.64, this is the only version i could find on short notice.
[text was edited by author 2001-07-02 21:37:38] |
|
gameboyrom
join:2000-11-27
| reply to Vampirefo
It only had "Close Key" in ADVAPI32.dll - This is odd
It also only had Bind in Wsock32.dll - odd again.
It was packed with an early version of UPX - I can't unpack it. It's probably not a virus taking into account it's small size. It has the some characteristics of a trojan(bind in wsock32.dll, it's packed), but once again it's too small. It most likely is just a hoax or an old web page |
|
Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA
| reply to Vampirefo
Don't know ZoneAlarm at all, but this looks like a very promising approach to doing what they claim. Simply be creating the Mutex object that ZoneAlarm apparently depends on they can prevent ZA from starting, and I've seen this kind of thing happen (by accident) in other places.
My gut says this does exactly what they claim. Remember, if you can disable your firewall, so can something else. I've always wondered when this would happen.
Steve
--
Stephen J. Friedl / Software Consultant / Tustin, California USA / »www.unixwiz.net |
|
Nick8
Premium
join:2001-03-17
UK
| This mutex flaw was discussed at great length quite a while ago. I don't use ZA either but I know that the latest versions of ZA / ZAP (2.6.x I think) are not vulnerable. Also there is a patch available for the old versions which was not produced by Zone Labs, I think DCS were responsible for the patch (aswell as the discovery of the vulnerability).
[text was edited by author 2001-07-02 21:46:18] |
|
Vampirefo
Premium,MVM
join:2000-12-11
Huntington, WV
·Comcast
| I just downloaded the latest version from ZAP, and this test killed it just as fast. |
|
enabl3D
Wtf Is God???
join:2000-07-04
Fairfax, VA | reply to Nick8
well I'm using the latest version of ZAP(2.6.214) and that little program was able to shut it down.
oh boy, oh boy!!!!!
--
si no te gusta que te miren... ponte un cartucho en la cabeza |
|
Nick8
Premium
join:2001-03-17
UK
| reply to Vampirefo
Most of the discussion about this issue it too old to find, but I found this thread which is more recent. It seems the new version will still get shut down, but will cut the net connection dead (that's what they mean by "fixed"!). DCS's patch will prevent ZA getting shut down in the first place, its is suggested that the patch can be applied to any version of ZA. |
|
Vampirefo
Premium,MVM
join:2000-12-11
Huntington, WV | reply to enabl3D
So two confirmed, kills on the latest version of ZAP, seems like we got us a problem guy's.This test is real who wants to tell Zone labs? anyone else with ZAP care to try? |
|
Vampirefo
Premium,MVM
join:2000-12-11
Huntington, WV
·Comcast
| reply to Nick8
The internet connection was not shutdown, only ZAP, I was still able to surf the internet.The information in that thread is not correct, the only thing that dies is ZAP, not the internet connection.
[text was edited by author 2001-07-02 22:01:50] |
|
R2
R Not
Premium,MVM
join:2000-09-18
Long Beach, CA
clubs: |  reply to Vampirefo
Now I am paranoid, why wasn't I shut down??? |
|
Nick8
Premium
join:2001-03-17
UK
| reply to Vampirefo
I can tell you for sure that they are fully aware of the issue  . They were hounded several months back when the issue was made public by DCS. Their answer to it is to have ZA take the internet connection with it if it dies (in versions 2.6.x) - effective if not elegant. DCS's patch actually prevents the code from shutting down ZA. |
|
R2
R Not
Premium,MVM
join:2000-09-18
Long Beach, CA
clubs: | reply to Vampirefo
This is different than BioNet -- BioNet kills zonealarm.exe, but this seems to Terminate vsmon.exe and minilog.exe -- correct? |
|
Nick8
Premium
join:2001-03-17
UK
| reply to Vampirefo
Can you confirm that port 7 is open and reachable?
This program is DCS's own tester! It was released many months ago - I am surprised that no-one has reported the new ZA's failure to deal with it correctly yet.
[text was edited by author 2001-07-02 22:09:15] |
|
damonlab
Premium
join:2001-05-02
Detroit, MI
clubs: | reply to Vampirefo
I have ZA 2.6.88 and am running win2k. My question is the same as R2, why wasn't I shut down?
--
It only takes one person to change the world. I am not that person. |
|
enabl3D
Wtf Is God???
join:2000-07-04
Fairfax, VA
| reply to Nick8
well my internet did get shut down
heres a screenshot of netstat right after running the program: |
|
bzar1
join:2001-05-15
Tucson, AZ
clubs: | reply to Vampirefo
zaf 2.6.88 no effect |
|
Nick8
Premium
join:2001-03-17
UK
| reply to enabl3D
said by EmiGrante:
well my internet did get shut down
This is what I expected - if ZA gets shut down, listener is active but internet connection is dead and therefore listener is unreachable.
[text was edited by author 2001-07-02 22:17:15] |
|
Vampirefo
Premium,MVM
join:2000-12-11
Huntington, WV |  reply to bzar1
Download the program to your desktop, and then run it, I am not running like they want, I have it on my desktop. Then I run it and it kills ZAP fast, TPF is preventing port 7 from opening. |
|
