Two Plus Two Newer Archives  

#1
02-21-2006, 07:06 PM
primetime32
zonealarm=party quarantined

Just downloaded ZoneAlarm and had it run a spyware and anti-virus scan. After it was done it had put Party Poker in quarantine and listed it as a moderate threat.

To get it out of quarantine it says I have to download ZoneAlarm Security Suite.

I noticed the PP shortcut on my desktop was gone. However, when I checked my programs list it was still there and I just opened it up and it appears to be working fine.

Any thoughts? What should my next step be? I don't want to have to purchase the firewall. I don't know what they actually put into quarantine since PP is still working. But I am a little concerned that part of PP is actually in quarantine.

thanks in advance.
#2
02-22-2006, 11:11 AM
jukofyork
Re: zonealarm=party quarantined

[ QUOTE ]
Any thoughts? What should my next step be? I don't want to have to purchase the firewall. I don't know what they actually put into quarantine since PP is still working. But I am a little concerned that part of PP is actually in quarantine.

[/ QUOTE ]

My guess is that ZA has picked up on the aggressive method Party is using to detect banned software. If you look in the PartyGaming folder, has it quarantined a file called 'llh.dll'? If so, I am surprised the client is still working...

I would also hypothesize that a lot of the problems people are having with the new software crashing and generally doing weird stuff also come from this new aggressive method they are using.

I agree they are trying to protect their players, but the methods they are using are far from 'standard' and are very likely to cause instability on certain systems. Most firewalls and virus killers use heuristic methods to try to classify yet unseen/unknown threats, and the method Party is using is likely to trigger the heuristic as a false positive (ie: they will think the Party client is something bad even though it is benign).

Juk
#3
02-28-2006, 05:25 PM
jukofyork
Re: zonealarm=party quarantined

Just an update on what I have found since making this post. The poster of this question on "Yahoo Answers" inspired me to investigate further, and I provided him an answer (see here). Here is my answer to the question in case the link is no good:

[ QUOTE ]
"llh.dll is used by Party Poker to snoop on other applications you have running.

It basically is the dll which it 'injects' into other running processes to see what they are doing. It then installs hooks for certain Windows API calls inside of the target process and most likely it then sends the collected data back to their servers.

Party Poker also installs both mouse and keyboard hooks to snoop on you, but these are unrelated to this dll.

To block it use either 'AntiHook' or 'Process Guard', as both of these can stop it from doing any snooping (ie: blocks both dll injection and mouse/keyboard hooks).

Hope this helps explain what it is doing - Juk"


[/ QUOTE ]

Also, it seems that others in another forum have had problems with Party being identified as a possible Trojan because of the aggressive methods they are employing (see here).

Somebody in that thread brought up the interesting point about what action Party can take against us blocking them from using these methods. I agree they are there to protect us, but to what extent they can invade your privacy I honestly don't know...

I am not sure, but I suppose in theory Party could ban the use of programs such as AntiHook and ProcessGuard?

Juk
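A way to check the claim in the post above on your own machine, as an added example that is not part of the original thread: this PowerShell function lists every running process that currently has a given DLL mapped, and marks the ones where the DLL was loaded from outside the host program's own folder. The module name 'llh.dll' comes from the post; the function name `Find-LoadedModule` and the `Foreign` heuristic are assumptions made for illustration, and an elevated prompt is assumed so that more processes can be inspected.

```powershell
# Added example: report which processes have a named DLL loaded.
# 'llh.dll' is the module named in the post; Find-LoadedModule and the
# output fields are hypothetical names chosen for this illustration.
function Find-LoadedModule {
    param(
        [string]$ModuleName = 'llh.dll'
    )

    foreach ($proc in Get-Process) {
        try {
            # Protected/system processes cannot be opened; they either raise
            # an error here or return nothing, and are skipped either way.
            $hits = $proc.Modules | Where-Object { $_.ModuleName -ieq $ModuleName }
        } catch {
            Write-Verbose "Skipped $($proc.ProcessName) ($($proc.Id)): $($_.Exception.Message)"
            continue
        }

        foreach ($mod in $hits) {
            # Folder of the host executable (null if it could not be read).
            $exeDir = $null
            if ($proc.Path) { $exeDir = Split-Path -Parent $proc.Path }
            $modDir = Split-Path -Parent $mod.FileName

            [pscustomobject]@{
                ProcessName = $proc.ProcessName
                Id          = $proc.Id
                ModulePath  = $mod.FileName
                # True when the DLL sits outside the host program's folder
                # (or that folder is unknown): the pattern an injected copy
                # would show. A heuristic only, not proof of injection.
                Foreign     = ($exeDir -ne $modDir)
            }
        }
    }
}

Find-LoadedModule -ModuleName 'llh.dll' |
    Sort-Object Foreign -Descending |
    Format-Table -AutoSize
```

Run it with `-Verbose` to see which processes were skipped; depending on the PowerShell host, modules of 32-bit processes may only be visible from a 32-bit session.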
#4
02-28-2006, 06:48 PM
SamIAm
Re: zonealarm=party quarantined

That's intense. Thanks for the heads-up.
-Sam
#5
02-28-2006, 07:04 PM
jukofyork
Re: zonealarm=party quarantined

Just trying out 'ProcessGuard' atm. 'AntiHook' was not very stable and kept crashing badly, so hopefully this will work better!

All seems OK so far... fingers crossed

Juk
#6
02-28-2006, 09:28 PM
dave88
Re: zonealarm=party quarantined

ProcessGuard Rocks. It has saved me from numerous baddies.

Another program that stops these hooks is Jetico firewall; it is freeware.
#7
02-28-2006, 09:41 PM
jukofyork
Re: zonealarm=party quarantined

Yes, I have to agree ProcessGuard looks very cool. I was using something called AntiHook b4 (also free), but had stability issues and PG is much better/more stable.

Will look into Jetico firewall, ty!

Juk
#8
02-28-2006, 11:39 PM
jukofyork
Re: zonealarm=party quarantined

Just been reading the ProcessGuard forums and saw a link to this utility called SnoopFree. Looks like this can do quite a lot of what PG can do (and has some extra features too) and is also freeware.

Juk
#9
03-01-2006, 06:54 AM
theRealMacoy
Re: zonealarm=party quarantined

[ QUOTE ]
Just been reading the ProcessGuard forums and saw a link to this utility called SnoopFree. Looks like this can do quite a lot of what PG can do (and has some extra features too) and is also freeware.

Juk

[/ QUOTE ]

juk,

thanks for the link---i might give this a try.

i would still like to hear a trip report on process guard if you get a chance.

cheers,
sean
#10
03-01-2006, 04:29 PM
Terry
Re: zonealarm=party quarantined

Anybody tried playing yet with one of these snoop-stoppers running?

All times are GMT -4.