Have I Acquired a Trojan?

Horse, that is . . .

If I have, I suppose I deserve it since I was looking up a disco-era song at the time (yesterday afternoon). Anyway, the details:

One of the links the search engine provided me was actually a porn index site. It was also one of those charming sites that you can’t kill with a nuclear device—I closed the window, then closed the entire browser (FireBird), and ZoneAlarm still indicated that a transfer was in progress. So I powered the computer off, then disconnected it from the hub and called in the HazMat response team (AdAware, AVG Antivirus, and SpyBot). All reported that the system was clean.

BUT the next several times I powered up, it hung at login. The task list (when I managed to get to it) indicated that msgsrv32 was not responding; but when it finally did come up, msgsrv32 was not in the task list at all. My recollection (confirmed by a search using my Linux box, which is what I’m on now) is that this behavior is consistent with the phase-0 trojan; but the registry keys that should have been present weren’t there. And phase-0 is old enough that the HazMat team should have caught it.

To confuse things even more, this morning the system booted up without hanging.

So now I’m feeling more than mildly paranoid, and the PC in question is still isolated while I seek advice. Anyone have suggestions or comments (other than on my taste in music, which the Ottlets already know is abominable)? Any and all responses would (will) be much appreciated.

Oh, BTW: the system in question is a Duron 1GHz, 512MB memory, running Win 98SE. I know that to some that’s not far removed from chisels and stone tablets, but it gets the job done for me.

I would say that if AdAware, AVG Antivirus, and SpyBot didn’t find anything, it’s unlikely you have anything at all. It is probably just the robustness of Win98 working its marvels.

I do my fair share of porn surfing and have never had this problem. Just configure the browser for tight security (disable the Java etc). In any case, all you have to do to stop all transfer is either (a) click on the ZoneAlarm STOP button to go into LOCK mode or (b) use the three finger salute to kill whatever program you want to kill or (c) disconnect the modem. If it did not have time to download I can’t see how it could be working.

Answersthatwork.com indicates that if msgsrv32 hangs, there is some issue that needs investigating.

AdAware and Spybot can miss some browser hijacking issues, often with CoolWebSearch, which keeps mutating and changing too fast for them to keep up with it. Information on cleaning it (and a download of CWShredder) can be found here.

If the problem persists, go to hijackthis, save the log, and then post it at http://forums.spywareinfo.com for an analysis.

I had something similar to this and Ad-aware and Spybot didn’t find anything.

They did find msblast which was eating up my bandwidth.

When I installed Norton Anti-virus, I was informed I had several viruses, and when they were removed I got no more of this problem.