Earlier today, I loaded a CD into my CD drive that I haven't seen in ages. My computer started acting strangely and I ejected the CD.

When my virus scanner ran tonight, it picked up several instances of keylogger95 as well as something that couldn't have come from that CD. (My scanner hasn't scanned in a few weeks, so I'm not sure how long I've had a problem.)

Needless to say, I've been freaking out... changing passwords all over the place, etc.

chkrootkit isn't picking up anything on my servers, so that is good. I did find create-cracklib-dict, not remembering what it was. That scared me for a few seconds.

I really, really hope I've learned my lesson without any real damage.

Do I even need to be worried about keylogger95 on a 98 windows system with a dynamically assigned IP?

Can anyone recommend good personal firewall software for a win98 machine so I know what is being sent out? I'd love a freeware recommendation so I can do it now. I'll also pay for better software in a few weeks if the value is there, so I'd like some advice on that also.

Home PC will be Linux in the next few months, but I'll still need some solutions for my current win98 setup. Any help is appreciated.

What virus checker and when was the virus definitions updated?

Your chkrootkt - is it updated? Also try to use a fresh copy as much as posible.

On your pc install ZoneAlarm.com for now - buy their pro if you like them enough.

umm zonealarm is an internet firewall:rolleyes:

Originally posted by roly
What virus checker and when was the virus definitions updated?

My antivirus program is Norton, and I updated the virus definitions within the last week. I always keep it running in the background. I'm pretty good about keeping the definitions updated, but stop the scans when I'm working. (Seems like 24-7.)

That is part of why I feel completely stupid right now. I always assumed my antivirus would catch things like that when they initiated. I don't feel that way now.

Chkrootkit is less than a month old. I should look into that and make sure it is current.

Originally posted by roly
umm zonealarm is an internet firewall:rolleyes:

That is ok. If someone is keylogging me in my home, I have much more serious problems that I thought. ;) I want to make sure data isn't being sent out to other machines while I'm connected.

And thank you all for the help. Any other info is appreciated as well.

About being worried about keylogger95 on a 98 box, yes, you should be. Windows 95 and 98 are quite similar and generally, malicious programs that exploit one are able to exploit the other as well.

For a firewall, I've always prefered Tiny Personal Firewall over Zone Alarm. It's free and available at http://www.tinysoftware.com if you're curious.

Also, to protect you from trojan horses and remote keylogger applications, I recommend a program called The Cleaner, which is not free, but available in a 30 day trial at http://www.moosoft.com

Good Luck!