-=PCTechTalk=- Re: More Firewall (How to remove ZA)

Rick,

I searched my archives, and came across this piece, which was originally
posted by Thomas Chan in WinTips-Tricks:

I suspect he got it from the Zone Alarm site, but I have not verified this.
Bear in mind, if ZA was installed and not completely removed, the chances
are the remnants will interfere with your new firewall, no matter what it
is.

---
Complete removal instructions for zone alarm:

- Uninstallation Step 1.
If you want to uninstall ZoneAlarm or ZoneAlarm Pro, first run the
Uninstaller program: click on the Start menu|Programs|Zone
Labs|Uninstall ZoneAlarm (or Uninstall ZoneAlarm Pro). The uninstaller
will guide you through the process; answer "Yes" to any files it prompts
you to delete.

A. To make sure that you can see any ZoneAlarm or ZoneAlarm Pro system
files still on your computer:

- i. Right-click on Start, then left-click on Explore.
- ii. When the Windows Explorer panel appears, click "Tools," then
"Folder Options."
- iii. Click the "View" tab, then click the "Show hidden files and
folders" radio button.
- iv. Click "OK."


B. Verify that the following have been removed:

- Directories:

1) Zone Labs from C:\Program Files
2) zonelabs from C:\WINNT\System32
3) zonelabs from C:\WINNT\Profiles\All Users\Start Menu\Programs
4) Zone Labs from C:\Documents and Settings\All Users\Start Menu\Programs

- Files:

1) C:\WINNT\Profiles\All Users\Start Menu\Programs\Startup\zonealarm
2) C:\WINNT\Profiles\All Users\Start Menu\Programs\Startup\zonealarm pro
3) C:\WINNT\System32\vsdata.dll
4) C:\WINNT\System32\vsdatant.sys
5) C:\WINNT\System32\vsmonapi.dll
6) C:\WINNT\System32\vsnetutils.dll
7) C:\WINNT\System32\vspubapi.dll
8) C:\WINNT\System32\vsutil.dll
9) C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZoneAlarm
10) C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZoneAlarm Pro

NOTE: Please verify that none of the files listed above remain in the
directory C:\WINNT\Temp.




- Uninstallation Step 2.
Delete the directory "C:\WINNT\Internet Logs".

NOTE: If you want to save your alert logs (ZAlog.txt), you should copy
them from the Internet Logs directory to a different location before
deleting the file.




- Uninstallation Step 3.
Make sure your Recycle Bin is empty.






- Uninstallation Step 4.
It is not generally necessary to remove registry entries if reinstalling
ZoneAlarm or ZoneAlarm Pro. However, should you choose to do so, the
following registry entries are associated with ZoneAlarm or ZoneAlarm
Pro:

Important Advisory: Deleting registry entries incorrectly may cause
serious problems to your operating system (OS) which may necessitate the
need to reinstall the OS. Please make sure you are able to perform these
deletions correctly before you decide to edit the entries.

For information about how to edit the registry in Windows, type
"regedit.exe" from a command prompt. Click "Help," then "Help Topic."
Click "Changing Keys and Values."

Note that you should back up the registry before you edit it.

To enter the registry, go to Start/Run and type: "regedit." Use
Control-F to find and F3 to Find Next.

Registry Entries:

- Key: HKEY_LOCAL_MACHINE\SOFTWARE\Zone Labs and all its subkeys and
values.
- Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm (or ZoneAlarm Pro)


These two registry keys, and all their subkeys, denote the TrueVector
service and the TrueVector device driver:

- Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vsmon
- Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vsdatant


This registry key and its subkeys denote ZoneAlarm or ZoneAlarm Pro's
alert logging service:

- Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\minilog


This is a database that contains a long list of values, but only these
values are related to ZoneAlarm or ZoneAlarm Pro and TrueVector:

- Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDLLs
- Values:

C:\Program Files\Zone Labs\ZoneAlarm\tutorwiz.dll
C:\WINNT\System32\vsdata.dll
C:\WINNT\System32\vsdatant.sys
C:\WINNT\System32\vsmonapi.dll
C:\WINNT\System32\vsnetutils.dll
C:\WINNT\System32\vsnetu.dll
C:\WINNT\System32\vspubapi.dll
C:\WINNT\System32\vsutil.dll
C:\WINNT\System32\Zone Labs\html.tdr
C:\WINNT\System32\Zone Labs\vsdb.dll
C:\WINNT\System32\Zone Labs\minilog.exe
C:\WINNT\System32\Zone Labs\vsmon.exe
C:\WINNT\System32\Zone Labs\vsruledb.dll


For each user who has run ZoneAlarm or ZoneAlarm Pro, there are registry
keys in

- Key: HKEY_CURRENT_USER\Software\Zone Labs


The following keys allow the user to modify the sound that is played
when there is an alert through use of the Control Panel Sounds applet:

- Key: HKEY_CURRENT_USER\AppEvents\EventLabels\InternetAlert
- Key: HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\InternetAlert\.current


The following keys are related to ZoneAlarm and ZoneAlarm Pro's MailSafe
Feature:

- Key: HKEY_CLASSES_ROOT\ZAMailSafe


There is a value for the extension of every attachment that ZoneAlarm
Pro quarantines (.vbs, for example). To find the values and keys to
delete:

1) Click on HKEY_CLASSES_ROOT
2) Press F3.
3) Type "zamailsafe" in the search field (no quotes).
4) Press F3 to find the next value. An example of the value you will see
(on the right-hand side of the window) would be: ZAMailSafeExt: REG_SZ:
(renamed extension -- zl9, for example).
5) Delete the value. Press "OK" at the prompt.
6) Repeat until there are no more values like the example above.

ZoneAlarm Pro quarantines 37 extensions by default. However, any
additional extensions you may have chosen to quarantine will also be
listed in the registry.


There is also a registry key for the extension of every attachment
renamed by ZoneAlarm Pro. The names of the keys will range from .zl0 to
.zly. If you wish, you can follow the instructions above to find the
values associated with these keys. Delete the entire key which contains
these values.


For ZoneAlarm (not Pro), the following keys can be removed:

- Key: HKEY_CLASSES_ROOT\zl0
- Key: HKEY_CLASSES_ROOT\ZAMailSafe



- Uninstallation Step 5.
Reboot your machine.


That Guy In Africa...
http://homepages.gds.co.za/northcom/
********************************************
ICQ#  39461303
~ Greetings from Sunny South Africa ~
********************************************
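
The verification in steps 1, 2 and 4 above can be run as a read-only audit; this is an added example, not part of the original post or of Zone Labs' instructions. It assumes a PowerShell-capable Windows host and uses `$env:SystemRoot` in place of the `C:\WINNT` shown above; nothing is deleted, it only reports what is still present.

```powershell
# Read-only audit for ZoneAlarm remnants listed in the removal steps above.
# Assumption: $env:SystemRoot stands in for C:\WINNT; adjust $AllUsers for NT4 profiles.
$SysRoot  = $env:SystemRoot
$AllUsers = 'C:\Documents and Settings\All Users\Start Menu\Programs'

$paths = @(
    'C:\Program Files\Zone Labs',
    "$SysRoot\System32\zonelabs",
    "$SysRoot\Internet Logs",
    "$AllUsers\Zone Labs",
    "$AllUsers\Startup\ZoneAlarm",
    "$AllUsers\Startup\ZoneAlarm Pro"
)
# TrueVector files: check System32 and the Temp directory named in the NOTE.
$vsFiles = 'vsdata.dll','vsdatant.sys','vsmonapi.dll','vsnetutils.dll','vspubapi.dll','vsutil.dll'
foreach ($f in $vsFiles) { $paths += "$SysRoot\System32\$f", "$SysRoot\Temp\$f" }

$keys = @(
    'HKLM:\SOFTWARE\Zone Labs',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm Pro',
    'HKLM:\SYSTEM\CurrentControlSet\Services\vsmon',
    'HKLM:\SYSTEM\CurrentControlSet\Services\vsdatant',
    'HKLM:\SYSTEM\CurrentControlSet\Services\minilog',
    'HKCU:\Software\Zone Labs',
    'HKCU:\AppEvents\EventLabels\InternetAlert',
    'HKCU:\AppEvents\Schemes\Apps\.Default\InternetAlert\.current',
    'Registry::HKEY_CLASSES_ROOT\ZAMailSafe'
)

$found  = @()
$found += @($paths | Where-Object { Test-Path -LiteralPath $_ })
$found += @($keys  | Where-Object { Test-Path -LiteralPath $_ })

# SharedDLLs: the value *names* are file paths; report only ZoneAlarm/TrueVector ones.
$shared = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs'
if (Test-Path -LiteralPath $shared) {
    $found += @((Get-Item -LiteralPath $shared).GetValueNames() |
        Where-Object { $_ -match 'Zone Labs|\\vs(data|datant|monapi|netutils|netu|pubapi|util)\.(dll|sys)$' } |
        ForEach-Object { "SharedDLLs value: $_" })
}

# MailSafe: extension keys carrying a ZAMailSafeExt value, plus renamed-extension keys zl0..zly.
$found += @(Get-ChildItem 'Registry::HKEY_CLASSES_ROOT' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^\.?zl[0-9a-y]$' -or
                   $_.GetValueNames() -contains 'ZAMailSafeExt' } |
    ForEach-Object { $_.Name })

if ($found) { $found | ForEach-Object { "REMNANT: $_" } } else { 'No ZoneAlarm remnants found.' }
```

The `HKCU:` checks cover only the account running the script, so repeat it for each user who has run ZoneAlarm.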

-----Original Message-----
From: pctechtalk-bounce@xxxxxxxxxxxxx
[mailto:pctechtalk-bounce@xxxxxxxxxxxxx]On Behalf Of DH (Rick) Holmes
Sent: 29 September 2002 11:45 PM
To: pctechtalk@xxxxxxxxxxxxx
Subject: -=PCTechTalk=- Re: More Firewall



  Hi, Eric,
Thanks for your two postings.  Much appreciated and they give me a good
guide as to what I should do.  I have had a crash or two recently -
slightly more than average, I suppose.  I must completely uninstall all
traces of ZA and Outpost then keep an eye on things.

Perhaps I should have removed my reference to 'ZA' above, and
substituted ZoneAlarm!!! :-)
Best wishes

Rick


Eric Skeen wrote:

>Forgot to mention... Winamp has a setting whereby you can allow or refuse
>it to connect to the Internet. It does this for various reasons... checking
>for newer updates, calling upon the CDDB database whenever a CD is loaded,
>and in the latest version 3 the browser supplies you with artist and/or
>song info. Winamp themselves also ask if you mind if they use your Winamp
>player habits for research purposes, and again it's your choice to reply
>yes or no.
>
>
>That Guy In Africa...
>http://homepages.gds.co.za/northcom/
>********************************************
>ICQ#  39461303
>~ Greetings from Sunny South Africa ~
>********************************************
>
>-----Original Message-----
>From: pctechtalk-bounce@xxxxxxxxxxxxx
>[mailto:pctechtalk-bounce@xxxxxxxxxxxxx]On Behalf Of Eric Skeen
>Sent: 29 September 2002 12:11 PM
>To: pctechtalk@xxxxxxxxxxxxx
>Subject: -=PCTechTalk=- Re: More Firewall
>
>
>
>Hi Rick,
>
>Sorry about the name mix-up,,, it was late and I went straight to bed after
>that last post. Seemed I needed my sleep.
>
>Your settings seem fine, I don't use ME so I can't answer that one. I
>normally block everything at first if I don't know what it does, and if I
>see an application not working then only will I allow it.
>
>Sygate 5 is available for free download and it is fairly impressive.
>
>That Guy In Africa...
>http://homepages.gds.co.za/northcom/
>********************************************
>ICQ#  39461303
>~ Greetings from Sunny South Africa ~
>********************************************
>
>-----Original Message-----
>From: pctechtalk-bounce@xxxxxxxxxxxxx
>[mailto:pctechtalk-bounce@xxxxxxxxxxxxx]On Behalf Of DH (Rick) Holmes
>Sent: 29 September 2002 05:55 AM
>To: pctechtalk@xxxxxxxxxxxxx
>Subject: -=PCTechTalk=- Re: More Firewall
>
>
>
>Eric...it's Rick, not that it matters.  Thank you for your directions.
>   I must have a different version to you because,  in
>Tools/Applications/Advanced there is a box, (already checked) with
>'Allow ICMP traffic'.  Because of this I presume that no specific rule
>is needed.  Please confirm.
>
>What I have now is:- ( With my comments in brackets)
>
>DialUp Networking App ............ Allow   This I think is how it should be.
>Distributed COM services ......... Ask     Could I block this?
>Microsoft AutoUpdate ............. Ask     I usually deny this but occasionally say OK.
>Netscp.exe ....................... Allow   OK I should think
>Sky Media 200D ................... Allow   Yes, needed
>SDP Service on Windows Millenium . Ask     Don't know.
>W32Kernel core component ......... Block   Should be OK?? because ICMP is enabled
>WinAmp3 .......................... Ask     I can't see that this is needed now.  Should I block it?
>
>If you don't mind just letting me know if the options chosen above are
>right, I would be much obliged, thanks.
>
>
>Kind regards
>
>Rick
>
>
>Eric Skeen wrote:
>
>
>
>>Dick,
>>
>>This is what the FAQ at Sygate has to say about Win32kernel:
>>
>>---
>>
>>Operating systems:
>>All supported operating systems.
>>
>>Details:
>>As a rule, if you are unsure about any application you should not allow it
>>to access the Internet. Only the applications that you specifically know
>>what they are should be allowed. Under most cases blocking the windows
>>kernel should not create a problem. However, in some rare instances certain
>>Internet Service Providers (ISP) will send you an ICMP message to verify
>>that you are online and blocking this may cause them to turn off the
>>service. If this happens, simply enable ICMP using the Advanced Rule
>>editor.
>>
>>
>>To do this open Sygate® Personal Firewall and click on the Tools menu and
>>then on Advanced Rules. You may have to click OK on a warning message
>>before entering the Advanced Rule Editor.
>>Once you are in the Advanced Rule Editor click Add, this will cause a new
>>rule to come up. Give the new rule a name, such as "Allow ICMP", and click
>>on Allow this traffic option.
>>Then click on the Ports and Protocols tab and select the ICMP option.
>>Enable Echo Reply - 0 and Echo Request - 8.
>>Then click OK to add in that rule, and then click OK to exit the Advanced
>>Rule Editor.
