2 weeks back I did a factory restore of my multimedia desktop that runs WinXP home.

I then accessed MS site for the latest updates. I also installed latest Zone Alarm full edition (Pro + Virus scanning etc:). I also am running this PC behind a router firewall with NAT etc: but there were a couple of days where I had it directly on the net (cable) while setting everything up.

The past few days have been getting what I consider to be classic symptoms of a trojan.

1) When I start the computer it says there is a disk not mounted & the program this is issued from never has the same name.

2) I am connected to the net via NAT firewall, I go to access a website using MSIE & the computer tries to dial out even though I have Firefox open & accessing the web.

3) I keep this computer isolated from my other Win2000 & Linux machines so when I want to transfer from these other machines I have to login. This login process can take 4 minutes.

Seems to me that somehow the machine became compromised very quickly after factory reinstall. I was told by a net security person from Enterasys (who we do business with) that there is a major problem whereby people doing a security update to Microsoft, can actually be doing so from a bogus MS update site & that this is a possibility for what has happened.

Anyone have any thoughts on the above (I have yet again restored from factory disk just now but am keeping the machine off the net)

Doug Marker

Installed the updates after obtaining them directly. Then added ZoneAlarm Security Suite.

But when I added Logitech web cam, went thru the same (previously posted) exercise of seeing a 'network device' get set up (I took screen grabs of it) then on next reboot this 'network device' dissapeared.

I will post the screen grabs some time but am off on 2 weeks hols so it probably won't be til after I am back.

Cheers

Doug