I was installing DSL for a client today, on a machine that I had just scanned the disk with Avast, and it was clean…then, after running the Verizon DSL install program, I got an on-access alarm for a “LowZones” bug, and found an iel.exe in the default folder for Dcouments & Settings, which apparently is a self-executable that messes with IE.

Apparently I’ve gotten rid of the bug, but still am having issues getting a connect to the account acitivation server for Verizon. Before I go trying to call them (and grow old) I’m wondering if any of you have run into this bug and whether I need to do anything more than delete the detected file. None of the databases seem to list this thing.

What other security was/is on that system?

• OS up-to-date with ALL security patches/updates?
• Using a firewall (correctly configured)?
• Did you restore/repair the registry? (LowZones changes several inet related keys)
• Have you run Spybot s&d and Ad-Aware?

The OS is XP, just installed (replacing ME) and up to date as of today. Avast Professional, Spybot S&D both up to date, running and oddly checked clean just before the attempted DSL install. The drive had several viruses and spywares on it when I brought it into the lab, but were successfully cleaned on the lab IDE bus and the drive reinstalled, then no problems after the boot…until we tried to install the DSL at the client’s home.

Anywhere I can find the problem registry entries? Does Avast adequately clean this one?

BTW…your pic is akin to what I looked like at 18, before the gender change…USCG Special Warfare Squadron One, Da Nang, 1966.

Thanks for the prompt response.

Does the system connect fine if you use another internet account?

I will find out when I go back to the client’s home this afternoon (it’s 7AM Tuesday here on Kaua’i Island). We just ran out of time last night.

I must make sure this is not a Verizon server issue, which happens regularly. But yes, it does connect OK using a dialup to my server…so I’m not sure the virus is still really THE issue.

Will post later and let you know.

It is starting to look like a Verizon error. If you are at that clients place, check the proxy settings. I don’t know if Verizon needs them or not. But it could be they are not correct. Also check the hosts file to make sure Verzizon and other sites are not blocked there.

At least Verizon tech support is what we Hawai’ians call “akamai”…adept and courteous. There were no issues on their side. Eventually, by repeatedly cleaning with Avast, got the machine to connect consistently. The essential problem was that it would connect once only, either via IE or OE, then not again, due to the bug I assume. By the fourth cleaning and restart it was operating correctly. I’m just at a loss as to why it checked clean here at the lab and then picked up new bugs…the iel.exe (LowZone) and another named Rob3, both of which seated themselves in memory, without even opening any mail, etc. in the short time during DSL installation. At this point, we’re fairly content with the Avast and Spybot scans checking OK and the Internet appliances working correctly. Mahalo nui loa for your assistance. It was valuable. Still would like to know where to find a library entry in English on the LowZone. All I could find was 3 or 4 entries through Google, and they were in German or Czech.

Different av vendors call it different names. Have a look HERE. Searching google for one of the other names may tell you a lot more.

Hi,

if you find those files:
File C:\patch2.exe
or
File C:\iel.exe

and UPDATED avast doesn’t detect them even in a thorough Scan with archive Scanning,
then please email the files password-zipped & documented to
virus (at) avast.com

I’ll call the client this evening and have her search for those files, then let you know.

It’s very refreshing to find this forum.