Tales from the toolroom - fun with ZoneAlarm

[AlbertLionheart]

Over the last two weeks I have come across three machines with internet access problems and all of them have turned out to be related to Zone Alarm - or to be strictly accurate - the remains of Zone Alarm. In all three cases the Zone Alarm product had been uninstalled using the built-in uninstaller; what was different about this was that these uninstalls had been done months ago and it was only because of a recent Windows update that things started to go wrong. ISP access was working perfectly well and I was able to ping google.com every time, but 7 times out of 10 the browser would not work, nor would the mail handler or FTP or things like the AV updater routine. A search of the net found a few similar problems but nothing conclusive.
Checking the firewall (to turn it off to prove a point) showed that in each case Zone Alarm firewall was running despite the fact that the program had been uninstalled and there was supposedly nothing left of it. Certainly nothing left with which to control the firewall and there were no files left in the ZoneAlarm folder in Progam Files. Looking at the processes that were running I found several being loaded that belonged to the product including vsinit.dll, vsutil.dll and vswmi.dll. Removing these files needed a reboot into Safe Mode.
Still this failed to provide a reliable fix with the browser failure rate now about 5 out of 10.
Beginning to suspect a rat here, I had another dig at the net and finally located a document on the Zone Alarm site about removing the program manually - it seems that there are a raft of .dll. .sys and .vxd files that this thing runs but fails to clear.
This still does not explain why this should suddenly be a problem months after the program had been uninstalled but I stick to my theory that an update is somehow responsible for reactivating the partially inactive remnants of ZoneAlarm. Shame - I still think it is a good product! Just a shame that the uninstall doesn't work - and the mighty Revo is no good as the thing had already been uninstalled so there was nothing to work on.

 

[kimsland]

ZoneAlarm Removal Tool: http://download.zonealarm.com/bin/free/support/cpes_clean.exe

AppRemover utility: https://www.techspot.com/downloads/5514-appremover.html

Running both will remove ZoneAlarm

 

[AlbertLionheart]

Cheers KImsland - not come across appremover - will it remove an app which has already been removed by the app's uninstall routine (ie; there is no app left; just the registry entries and perhaps a few .dll files)?

 

[kimsland]

Yes

And its actually designed for broken removals of Security software removal such as ZoneAlarm

 

[AlbertLionheart]

Right - I'll give it a bit of a test this morning!
Cheers - very grateful!

 

[AlbertLionheart]

Well in truth I don't know if I fixed it yet!
Appremover found nothing to remove - but still I was impressed with it and I will keep it in the toolbox for the future.
I used the schedule of files to be removed from places like the system32 folder, the registry and so on which I did. The browser worked fine but then it has done in an intermittent sort of way since the problem started. I left the machine on the basis that I would come back if the problem persisted with plan Z - a 7lb lump hammer. Not sure if the owner saw the joke!

 

[kimsland]

lol
It sounds as though ZoneAlarm is gone

Oh and I run this on every machine regardless of issue: (well to a point )
IE Reset Fixit Tool:

Or manually from here https://www.techspot.com/vb/post682762-2.html
Then restart Internet Explorer

 

[fw2004]

Sounds like something is actually "alive" in there, not just code<g>.
It reminds me of the lasting effects that some diseases leave in your body; Lyme disease would be a prefect example (I've never had it, but know those who have).
Or maybe like one of those alien sci-fi films. You think you've killed the slimy beast with many heads and tails, but a part of the beast regenerates, and even after the movie is over, there's always something left for a sequel.

I always scan the registry for the program name after an uninstall. Most uninstalls leave lots of registry entries. But it seems that in your case, searching for "Zone Alarm", or "ZoneAlarm", or some variation thereof would not have found those .dll or .vxd files that kept running.

There used to be a utility that would track every install, and keep a record so that you could uninstall and get every file or change that was made, but that utility stopped working when most installers would refuse to work when they detected the monitor running. It might have been a Norton product, but it was so many years ago I can't recall.

Because of this kind of problem, I usually make an image of the entire drive before making major changes.
Security utilities are always the most difficult to get rid of, and Zone Alarm is, in my opinion one of the worst in this way.
I used it for a couple of years back around 2003, but gave up on it because it was too much of an encumbrance for web browsing and network access.

Now I use Norton Internet Security, and am very happy with both 2009 and 2010.

 

[AlbertLionheart]

Just had a call from the user - seems to be clear.
It appears that there is a MS update which caused all this - I can find the number if anyone is interested as I have lost it in the depths of the system somewhere (down in the dank and moist bits where the foundations of windows moulder gently, picking away the the roots of the foul code that supports it all. Talk about not peeking and poking about in there...)

 

[irha]

I wonder if you can reinstall zonealarm free and then immediately use one of the better uninstallers such as Revo followed by AppRemover for getting better results in these scenarios. I was bitten by zonealarm paid version before as I was not able to get any incoming connections (e.g., rdp, ssh even ping) and even tried uninstall without success. When I reinstalled a newer version that was out, it fortunately started working so temporarily given up on the idea. Since I am planning to upgrade to windows 7 and might need to go through this same exercise.

 

[AlbertLionheart]

Sometimes that does work - sometimes it is necessary to clear out the references in the registry as well as the folders left behind. Best of luck - W7 will be worth it.