wjh2401
Guest IP: 82.9.*.*
Posted: Fri Sep 29, 2006 7:33 pm Post subject: Numerous alerts in Zone Alarm re blocked outgoing packets
My Zone Alarm (Free) has very recently started to log high numbers of informational alerts concerning blocked packets originating from my machine and destined for addresses which appear to be all over the world. These occur at a rate of 1-5 per second and are principally TCP (Flags:S) with some UDP. Each alert is shown as being from the IP address of my internet cable modem, followed by a port number which increments by one at each alert. It looks to me as if something is scanning for an open port but I cannot establish what.
I tried closing down every user process on the PC except Explorer and Zone Alarm to see if I could identify the process generating them but to no effect. I also ran AVG antivirus and SpyBot S&D but, even after removing anything that looked slightly suspect, the ZA behaviour continues.
I have recently been experimenting with some video streaming programs (e.g. Coldstreaming, PPLive, TVAnts) which more or less require to be given server permission. I am uneasy about this as I'm afraid it could open the door to intrusions and I wonder if it has any connection with the blocked outgoing packets (although none of these programs are running while the alerts continue).
Any advice would be very welcome.
Thanks,
wjh2401
Operating System: Windows XP Home Edition
Product Name: ZoneAlarm (Free)
Software Version: 6.5
PCBruiser
SRT Team Lead
 Forums Admin
 Joined: May 11, 2005 Posts: 11723
Posted: Fri Sep 29, 2006 7:51 pm Post subject:
You have been infested by malware. One possibility is infection by a spammer who is using your system to port scan other systems to infect or use for sending spam. Why do all that work and use their own bandwidth when they can use victims' systems to do it for them? So, here's what I suggest that you do:
To get started, you must join as a member here to get the kind of help you need, that is only given to members here. Then, I recommend that you follow CastleCops' Malware Removal and Prevention procedure, a new system CastleCops devised to enable users to either partially, or fully clean their systems without the direct aid of an expert.
You will find the Malware Removal and Prevention Procedure here:
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
If that doesn't fix the problem, then go to this Forum, read the instructions at the top of the page carefully:
/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html
Follow these instructions:
/t102301-Hijackthis_Guidelines_Read_Before_Posting.html
and one of CC's trained 1st Responders or Security Experts will help you. If they determine that you do have a rootkit that requires our assistance, you will then be referred to a different forum for more help. This way, you can have your system comprehensively and systematically cleaned of all malware and rootkits if there are any.
You might also want to read this to learn more about rootkits:
http://wiki.castlecops.com/Rooting_Out_the_Dangers:_Rootkit_Removal_for_Beginners
_________________
Don't read? Can't learn!
wjh2401
Cadet

 Joined: Sep 29, 2006 Posts: 1 Location: UK
Posted: Sat Sep 30, 2006 8:54 am Post subject: Solution found.
Thanks PCBruiser for your detailed advice.
However, the solution which finally dawned on me proved not to be malware.
(1) My No1 PC acts as an ICS host to provide internet access to my No2 PC which is usually off except when children use it. For ICS to work with Zone Alarm (Free), the Internet Zone Security level on the host has to be set to Medium.
(2) Unknown to me, the No2 PC had been left on when last used.
(3) I had recently installed an upgrade to Zone Alarm on No1 PC which, despite being installed as an upgrade rather than a fresh installation, reset the Internet Security level to its default value of High.
(4) End result was that No2 PC was trying desperately to find a port on which it could access the internet. Easily proved by attempting unsuccessfully to access internet from No2 PC then switching off No2 PC which stopped the outgoing alerts.
(5) Remedy - reset the Internet Zone Security level to Medium on No1 PC, restart No2 PC and all is well.
However, I do intend to use your instructions to carry on and give both machines a complete Spring clean. Thanks again.
wjh2401
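
A triage sketch for the alert pattern discussed in this thread, added here as an example and not code from any poster or from ZoneAlarm: it reduces blocked-outbound entries to rate, protocol mix, source address, destination spread and source-port stepping. The log layout, the sample lines and the sweep thresholds are constructed assumptions.

```python
from collections import Counter
from datetime import datetime

# Constructed sample in a simplified, hypothetical layout
# (time,source,destination,protocol); this is not ZoneAlarm's own log format.
SAMPLE = """\
19:33:01,198.51.100.7:3301,203.0.113.10:80,TCP(S)
19:33:01,198.51.100.7:3302,203.0.113.10:80,TCP(S)
19:33:02,198.51.100.7:3303,192.0.2.53:53,UDP
19:33:02,198.51.100.7:3304,203.0.113.25:80,TCP(S)
19:33:03,198.51.100.7:3305,192.0.2.80:443,TCP(S)
19:33:04,198.51.100.7:3306,203.0.113.10:80,TCP(S)
19:33:04,198.51.100.7:3307,192.0.2.53:53,UDP
19:33:05,198.51.100.7:3308,203.0.113.40:80,TCP(S)
"""

def parse(line):
    """Split one constructed log line into typed fields."""
    ts, src, dst, proto = line.strip().split(",")
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return (datetime.strptime(ts, "%H:%M:%S"), src_ip, int(src_port),
            dst_ip, int(dst_port), proto)

def summarize(text):
    """Reduce blocked-outbound alerts to the features worth triaging."""
    ev = [parse(l) for l in text.splitlines() if l.strip()]
    steps = [b[2] - a[2] for a, b in zip(ev, ev[1:])]
    span = (ev[-1][0] - ev[0][0]).total_seconds() or 1.0
    dst_ports = Counter(e[4] for e in ev)
    return {
        "events": len(ev),
        "rate_per_sec": round(len(ev) / span, 2),
        "protocols": dict(Counter(e[5] for e in ev)),
        "sources": sorted({e[1] for e in ev}),
        "distinct_destinations": len({e[3] for e in ev}),
        "top_dst_port": dst_ports.most_common(1)[0],
        # Share of alerts whose source port is exactly previous + 1.
        "sequential_src_ports": sum(s == 1 for s in steps) / len(steps) if steps else 0.0,
    }

def single_port_sweep(summary, min_hosts=20, min_share=0.9):
    """Assumed heuristic: many hosts, almost all on one destination port."""
    port, hits = summary["top_dst_port"]
    return (summary["distinct_destinations"] >= min_hosts
            and hits / summary["events"] >= min_share)

if __name__ == "__main__":
    s = summarize(SAMPLE)
    print(s, "sweep-like:", single_port_sweep(s))
```

As the resolution in this thread shows, the source address in such entries does not by itself identify which machine behind an ICS host generated the traffic, so the summary narrows the pattern without naming the machine.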