Could this be WGA at work?

Recently, I wanted to make sure I had the latest patches in place on my notebook computer running XP Professional with Service Pack 2, so I went to Microsoft's update pages and found the appropriate download. Upon trying the download, I was informed that I need to verify that my version of XP Professional was legitimate (it is since I received the complimentary CD directly from MS).

This entailed downloading "Windows Genuine Advantage" program followed by the update. Everything worked and the latest patches were installed, but two things happened after the patches were in place:

* My local SQL Server no longer worked

* My router began sending emails to me (it is programmed to email me if some untoward event happens).

The first problem was solved after many hours of searching the Internet. The patch changed a DLL which had to be replaced (changing the DLL and "breaking" SQL Server is their way of fixing one of the of
vulnerbilities).

I am not sure about the emails my router sends me other than I never received them until after WGA was installed along with the patches. Here are a couple of lines from one (and when I connect my notebook to the LAN, I receive multiple warnings):

Jun/13/2006 07:47:18
Target IP(192.168.0.255), Target Port(13 Packet Dropped
Jun/13/2006 07:47:18
Spoof IP(192.168.0.113), Spoof Port(13
Jun/13/2006 07:47:18
Spoof Attack fromd MAC(00-0f-b0-57-8e-a2) Detect,

Could it be that WGA finds it's way aroung my ZoneAlarm by attempting to spoof port 138? And how come ZoneAlarm does not notify me about WGA "calling home"? Is WGA that sneaky?

Todd
Ariste Software
Petaluma, CA