eTrust EZ Armor 2005, Firewall, question/problem

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by SpecialFNK, Aug 6, 2004.

  1. SpecialFNK

    SpecialFNK Private First Class

    ive been having trouble with my computer for months now and since the last time i restored my computer a couple weeks ago ive only been using norton antivirus 2003 that came with my windows XP.
    yesterday i restored it again. after restoring i downloaded mozilla firefox as my web browser because ive had people tell me IE has too many problems.
    i asked a few people of what antivirus/spyware programs were the best and ive downloaded a few. i downloaded Ad-Aware which found one thing "Alexa" or something like that which i removed. i also downloaded AVG 6.0 free version, and it didnt find anything.

    at different times over the last few weeks, ive had an IE webpage load from www.angelfire.com/amiga2/nubnub/active.htm which has tried to install/download something before i clicked "X" to close the page. ive noticed since then that angelfire webpage was deleted by angelfire, but last night i had a different IE angelfire webpage pop up and try to load even though ive been using mozilla firefox as my web browser. i also noticed on my mozilla firefox that my favorites list had been erased.

    i also downloaded eTrust EZ Armor 2005. since installing it today the Firewall has constantly been letting me know about blocking access to my computer. i get an alert pop up that says.. "the Firewall has blocked access to your computer from (TCP Port #) from (IP#) (TCP Port#) [TCP flags:S]"
    im not sure what that means. does that mean someone is trying to access my computer from somewhere else? or is that something simple like something to do with cookies?
    today in probably 5 hours total ive had over 1000 blocked with 4 being high rated.
    my internet zone security is on HIGH.
    my trust zone security is on MEDIUM.
    program control is MEDIUM.
    alert events shown HIGH.
    event logging ON.
    program logging HIGH.
    cookie control MEDIUM.
    Ad blocking HIGH.
    mobile code control is off.

    ive also downloaded and ran SpywareDoctor which found and removed 3 files the first scan, and the 2nd scan was clean.

    im not exactly computer smart so im not sure what all this means, but id like to know if all these alerts mean someone is trying to access my computer, or if theres something on my computer i need to remove?

    are there any other good programs to get that help?
    any help is appreciated, thanx
     
  2. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    So far, so good. Firefox is a better choice. I'll assume you are not running multiple antivirus or firewalls together?

    We took the time to write a basic tutorial to help people scan for and remove most viruses, trojans and spyware. It helps the majority, hopefully it will help you. Stop back if it does not:

    http://forums.majorgeeks.com/showthread.php?t=35407
     
  3. SpecialFNK

    SpecialFNK Private First Class

    i dont think im running more than 1 Firewall.
    im using the eTrust EZ Armor 2005 Firewall.
    i downloaded and ran Ad-Aware, it found "alexa" and i removed it.
    i downloaded and ran the AVG 6.0 free version yesterday and ran it once.
    i downloaded Spybot Search and Destroy, ran it once, it found a couple things, 1 "alexa" related thing and i removed them.
    i downloaded and ran CWShredder and i dont remember it finding anything.
    i downloaded Spyware Doctor, and its set to run every time i start up windows. the first time it found a couple and i removed them. since then it has said everythings clean.

    im using a dial up modem because i live in the country and cant get anything high speed, and i know with my dial up connection it has a Firewall.

    i also know with my windows XP it has the norton antivirus 2003 that came with it, but i haven't used it at all.

    the biggest thing im curious about is all the alerts im getting from my eTrust EZ Armor Firewall. i have it set so the small alert window doesnt pop up every time, instead it just shows me the stats in the window it has open.
    but theres a new alert about every 15-20 seconds. since installing it early yesterday afternoon ive had 2234 alerts with 7 being high rated. im not sure what those alerts are from. in the log file it shows the different alerts with the rating, date/time, type, protocol, Source IP, Source DNS, and at the bottom where it has Entry Detail, it says.. packet sent from IP# etc..
    id like to know what those alerts are. are they something serious like someone trying to access my computer all the time, or are those something simple thats normal and supposed to happen?
    are there any other programs that would be good to download, install, and run ? ive heard about hijackthis, but ive been told its something like a last resort if nothing else works and for more advanced users, and im not really sure what im doing with what ive got now.

    thanx for the help
     
  4. SpecialFNK

    SpecialFNK Private First Class

    another thing my eTrust EZ Armor Firewall does is ask when something wants to connect to the internet like a program, and then i have to give it permission or not. i had an alert pop up, asking.. Application Layer Gateway Service requesting permission to access the internet. it was a high rated. at first i said no, but then i had another thing pop up saying eTrust could not connect to the internet, so im assuming that thing was the Etrust needing to connect right? i then restarted my computer and when it came up again i said yes.. but what is Application Layer Gateway Service?
     
  5. pegg

    pegg MajorGeek

    I've never had a firewall block that many in such a short time. But on the other hand -- they're being BLOCKED!

    RE: getting details: I don't use that firewall but do you have an option on the alert/log page to have it show by "firewall" or by "program" -- meaning it will list under "alert type" simply "firewall" without details or it could give you "program" names and whether it's accessing or a new or repeat program trying to get through the firewall (does that make sense?). It's an option in Zone Alarm so that's why I ask. It would answer some of your questions.
     
  6. pegg

    pegg MajorGeek

    I just typed it into google and got a bunch of hits. The first one is this and is a great explanation. It sounds like you do need it to connect.
    This is part of what it said:
    Application Layer Gateway Service
    Service Name: ALG
    Process Name: alg.exe
    Default Settings: XP Home: Manual; XP Pro: Manual
    Microsoft Service Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Internet Connection Firewall.

    Real World Description: One of the bits and pieces you need if you connect to the internet using Microsoft's Internet Connection Sharing or Internet Connection Firewall,
    Is this service needed? Possibly
    Recommended Setting: Manual

    http://www.theeldergeek.com/application_layer_gateway.htm
     
  7. SpecialFNK

    SpecialFNK Private First Class

    in my alerts & logs it has different headings..
    Rating.
    Date/Time.
    Type.
    Protocol.
    Program.
    Source IP.
    Destination IP.
    Direction.
    Action Taken.
    Count.
    Source DNS.
    Destination DNS.

    most of the time the alerts are....

    Rating. -- Medium
    Date/Time. --date & time
    Type. -- Firewall
    Protocol. --TCP (flags:S)
    Program. --(empty)
    Source IP. -- IP# (always different)
    Destination IP. --IP# (mine)
    Direction. --incoming
    Action Taken. --blocked
    Count. --1
    Source DNS. -- always different
    Destination DNS. -- (empty)

    for the Application Layer Gateway Service, it was...

    Rating. --High
    Date/Time. --date & time
    Type. --Program Access
    Protocol. --(empty)
    Program. --Application Layer Gateway Service
    Source IP. --IP#
    Destination IP. --IP# (mine)
    Direction. --incoming
    Action Taken. --allowed(once)
    Count. --1
    Source DNS. --(empty)
    Destination DNS. --(empty)

    a few times for the High rating, it has Protocol as UDP with an empty Source DNS

    if its giving the IP# of whatevers trying to access my computer, is it possible to report that IP # anywhere ?

    also in my Program Control, i have the Program Control set as Medium-- programs must ask for access and server rights. component control is learning mode.
    if i change that ProgramControl to High, it says --Advanced Program Control enables the advanced protection of Component Control and Advanced Program Control. to minimize the number of alerts you will see, use this setting after you have first accessed the internet with your most common internet-accessing programs. ..then it says High- Programs must ask for server rights. Component Control is on. ..which one is better to leave it at?
    and then i have the automatic internet lock off.

    in my Firewall- Internet Zone Security, its set to High-- Stealth mode. your computer is hidden and protected from hackers. sharing is not allowed. this setting is recommended for the Internet Zone.
    the Trusted Zone Security is on Medium- Sharing mode. Computers can see your computer and share its resources. This setting is recommended for your Trusted Zone.
    Blocked Zone Security is Blocked.

    Privacy- Cookie Control - Medium --blocks cookies from tracking sites. allows cookies for personalized services.
    Ad-Blocking- High --blocks all banner ads. blocks all popup/pop-under and animated ads.
    Mobile Code Control is off. --allows embedded objects, mime objects, scripts, and javascripts... should that be on or off ??

    i think thats all the information, hope that helps.
    help is appreciated, thanx
     
  8. pegg

    pegg MajorGeek

    I don't think there's much "reporting" that will be beneficial for you to do. Someone else can jump in if they don't agree with me.

    As far as typing in the IP# I've checked out some by going here:
    http://www.webreference.com/cgi-bin/nslookup.cgi
    and it will give the domain name.

    Again, there's stuff/people/whatever out there constantly "pinging" and looking for access to your computer -- that's why you install a firewall. I wouldn't take much time "worrying" about each and every one -- there's too many.

    Did you read about the Application Gateway Service? There's certain things that need to go one way or both ways to and from your computer. Some things you stop with the firewall. Others you can disable in the services part of your computer if you don't need them to be running at all (then you don't need to worry about them trying to access any ports through your firewall).

    Go to www.blackviper.com for ideas about which services to disable. That's what the end of the message meant about:
    But that's something you have to decide based on what other programs and services you have running.
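
Added example, not part of any post in this thread: a short Python triage over alert records laid out with the column headings SpecialFNK lists, separating blocked inbound TCP SYNs (`flags:S`, a connection attempt from outside) from program-access prompts. The CSV layout, sample rows and addresses are constructed assumptions; the firewall's real export format is not shown on this page.

```python
import csv
import io
from collections import Counter

# Constructed sample rows using the column headings listed in post 7.
# The CSV layout is an assumption; the real export format is not on this page.
SAMPLE_LOG = """Rating,Date/Time,Type,Protocol,Program,Source IP,Destination IP,Direction,Action Taken,Count
Medium,2004-08-06 14:01:10,Firewall,TCP (flags:S),,198.51.100.7,192.0.2.10,incoming,blocked,1
Medium,2004-08-06 14:01:28,Firewall,TCP (flags:S),,203.0.113.44,192.0.2.10,incoming,blocked,1
Medium,2004-08-06 14:01:47,Firewall,TCP (flags:S),,198.51.100.201,192.0.2.10,incoming,blocked,1
High,2004-08-06 14:02:03,Firewall,UDP,,203.0.113.9,192.0.2.10,incoming,blocked,1
High,2004-08-06 14:02:30,Program Access,,Application Layer Gateway Service,198.51.100.7,192.0.2.10,incoming,allowed(once),1
"""

def classify(row):
    """Return a triage bucket for one alert row."""
    blocked_in = row["Direction"] == "incoming" and row["Action Taken"] == "blocked"
    if row["Type"] == "Program Access":
        # A local program asked for network rights: decide per program name.
        return "program-access"
    if row["Type"] == "Firewall" and blocked_in and not row["Program"]:
        # "flags:S" is a bare TCP SYN: a connection attempt that was dropped.
        if "flags:S" in row["Protocol"]:
            return "blocked-inbound-syn"
        return "blocked-inbound-other"
    return "review"

def summarize(log_text):
    """Count alerts per bucket and show how the blocked SYNs spread over sources."""
    rows = list(csv.DictReader(io.StringIO(log_text)))
    buckets, syn_sources, programs = Counter(), Counter(), set()
    for row in rows:
        bucket = classify(row)
        n = int(row["Count"] or 1)
        buckets[bucket] += n
        if bucket == "blocked-inbound-syn":
            syn_sources[row["Source IP"]] += n
        elif bucket == "program-access":
            programs.add((row["Program"], row["Action Taken"]))
    return {
        "buckets": dict(buckets),
        "distinct_syn_sources": len(syn_sources),
        "max_hits_one_source": max(syn_sources.values(), default=0),
        "programs": sorted(programs),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Many distinct sources with one blocked SYN each matches the "always different" source addresses described in post 7; the program-access rows are the ones that need a per-program decision.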
     
