My first post - looking for some help with trojan problems in particular, and a few other things if anyone will be so kind.
I ran a ZASS 8.0.059 scan with everything at its full strength a few days ago and came up with three trojans. Like an ***** I quarantined and then deleted them without taking note of what they were and seeing whether they'd penetrated my system further. I can't find any details of them in the logs for ZA either, so I'm really after some general help and ideas to see whether I may have a continuing problem.
I have since run a couple more ZASS scans on full strength and they came up clean. I also ran a deep scan with Windows Defender and came up clean. I've turned System Restore off, restarted, and turned it on again to clean any old recovery points, (but I haven't yet deleted my Avanquest Recovery Commander checkpoints).
I know one of the trojans identified was Vaklik, which was found in the Microsoft CalcPlus.msi (downloaded from the official site only a few days prior). I presume that was a false positive (as the file seemed clean when scanning from a right click option with ZASS, and also with Defender), but since I don't really use it I deleted it anyway. Unfortunately I can't remember what the other two trojans I had were.
I'm also concerned about ctfmon.exe/CTF Loader. It's in System 32, which seems correct, and I do use it as I switch between UK and US keyboard layouts often, but under Avanquest System Suite 9 Start Up Optimizer the following info is displayed:
Type: Not recommended
Publisher: Microsoft Corporation
Version: 126.96.36.199 Date: 07/19/05 File size: 15.1 KB
Description: Added by the RAIDYS [http://www.symantec.com/security_res...62417-1936-99] TROJAN! Note - this should not be confused with the valid Office XP file, see here [http://support.microsoft.com/default...;en-us;282599]
Source: Paul Collins Startup list
If I check its version myself through properties it's 5.1.2600.5512, and not the version listed above. ZASS doesn't pick up a problem with ctfmon.exe, but I'd like to be sure.
A couple more things regarding general security - should I have any of the real time protection options running in Windows Defender if ZASS is running as normal? (I don't want any conflicts with ZASS's real time protection/on access scanning). Also, I've just started using Privoxy. It's currently set up at my localhost address, but I'm wondering whether it would be safer to run it at my routers IP address - 192.168.1.2. If yes, what should the last digit be .2, .1(Default Gateway) or .0? Would all my browsers and programs then need reconfiguring to this new proxy address, or would they run as normal without having any proxy settings? Would some kind guru (such as Oldsod) be able to provide a copy of their config/action files for Privoxy so I know I'm better protected? And - finally - in laymans terms, what are the benefits/disadvantages of having a host file (with Privoxy running at localhost or 192.168.1)?
Apologies for the length of this thread and my obvious technical incompetence, but any help will be much appreciated.
Operating System:Windows XP Pro
Product Name:ZoneAlarm Internet Security Suite