Well, I finally decided to rid myself of the spyware/trojan/worm/whatever that I have had bottled up behind my McAfee firewall for the last so many months. So I triple-R'd my machine, reformatted the hard drive (the second "R"), and reinstalled Win2K, immediately followed with SP4 (which one of my colleagues at my former job downloaded from MSDN and burned onto CD for me). I then installed my modem software (which took about a half-day because Micros~1's installer insisted that I couldn't query the modem, even though as it turns out I can access it anyway).
Then I went looking for another firewall, as I didn't want to spend the time installing the entire all-but-useless McAfee AV suite just to get its firewall. So I went off to ZoneLabs to get the ZoneAlarm firewall. While there, I saw the blurb for a free spyware scan. Hmmm. I hadn't installed my rather outdated versions of AdAware SE or SpyBot S&D yet, and...well, it is ZoneLabs, after all, so how dangerous could it be? So I started the download. After about 15 seconds a message pops up stating that I have a "Netscape(Mozilla) browser" (actually Firefox 1.0.1), and since the thing needs to download an ActiveX control, I need to use Insecure Exposer to get it. Damn! Well, it is ZoneLabs...how dangerous could it be? So, through clenched teeth I fired up IE and navigated to the ZoneLabs page, where I started the download.
Now I'm doing this over a 36.0K modem link, so I don't expect speed. But I'm watching the modem icon in the system tray and noticing a lot of traffic in both directions, but no activity on the screen. So I get impatient, and kill everything, power down and then start up again. This time, I forgo the spyware scan (I'll get it later), and simply go to download ZoneAlarm. Well, the download starts running...then starts walking...then slows to a crawl (<1.2MB/s), then stops altogether. No activity on the modem icon, and I cannot access IWETHEY. So, I hang up and try again.
During this connection, I notice a lot of activity when nothing is supposedly happening. Not good. So I fire up the modem status box and notice that I'm sending about 13K of stuff every second, and receiving somewhere about 1/2 to 3K in that same second. Furthermore, during the download, I'm registering 1K of data saved to my download file for every 12-15K of data actually downloaded. So, somehow, I've become a clearinghouse for somebody. Apparently, I've been zombied.
What I can't understand is, how is this happening? A "clean" reboot and rebuild, and net access through a dialup where I get a new IP address on each connection.
So, how do I fix this? I can't download anything because all the zombie traffic is clogging up my narrow pipe. My dated versions of AdAware and SpyBot S&D say I'm clean. I can't install AVG Antivirus because it requires Net access to get the serial number, and that's not happening. (This message is being posted through my wife's machine and was created offline because about halfway through the connection, I started noticing a bunch of unexplained traffic, to which I responded by summarily hosing the connection.)
(I saw Grygus's thread about the "invisible" VX2, and will try to download the tools he suggests. And I will also put up the McAfee AV suite anyway just to get some form of firewall protection.)
Any ideas as to where to go from here?
thanx-