Posted 19 June 2006 - 11:18 PM
I think someone has accessed my computer through a trojan or worm, but am not sure. I sign on to windows(xp home/sp2) with a password, and I used to have the screensaver set to resume on welcome screen, which would bring up the password sign-on box. A few days ago, I started to use the computer after it had been idle for a while and the screensaver had come on. On moving the mouse,the welcome screen came up, and I signed on. It went to the next screen but then froze. The only way I could get any response was to wait until the screensaver came on again, and then try to restart from the welcome screen. When I did this a window came up which said "Other people are using this computer and restarting could cause them to lose unsaved data. Are you sure you want to restart?" As I am the only person who uses this computer, I was surprised, to say the least. After trying a few things, I found that if I disabled the 'resume on welcome screen', the screensaver would turn off normally. I have not re-enabled it in case this is how they are accessing. if they actually are. If I have some type of malware, why has nothing picked it up? ZA Pro told me Messenger was trying to monitor activities on my computer, so I have stopped it running with process explorer.
I have Zone Alarm Pro and BOClean(both run on startup), Spyware Doctor(both antispyware and antivirus),Spybot, and Adaware. Task Manager and Process Explorer both say I am the only user logged on when I check them. I have run Rootkit Revealer and Blacklight. Both come up clean. HijackThis scan showed two items concerning Messenger: one was an extra tool menuitem, the other an extra button. I fixed both. I have not enabled the 'resume on welcome screen' since, and windows will restart or shutdown normally, so I don't know if I still have a problem.
Has anyone heard of this happening, or had a similar problem?