Newbie question zonealarm pro

Hi all-

This is probably an easy question to answer, but I'm pretty concerned, so
here goes. On my home computer I am running XP SP2, Zonealarm Pro, NAV
2003, Firefox, Agent, DCPP...just reformatted and installed all maybe 2 days
ago. However, today I got an alert from Zonealarm Pro sayinf "Windows
Messenger is attempting to monitor your keystrokes and/or mouse movements."
Or something to that effect. Is this normal, or do I have a keystroke
logger one day after completely wiping, reformatting, and reinstalling?

TIA!!!

-Ryan

"Ryan" <ryancw@yahoo.com> wrote in message
news:11ltkrhm27jhhe4@corp.supernews.com...
> Hi all-
>
> This is probably an easy question to answer, but I'm pretty concerned, so
> here goes. On my home computer I am running XP SP2, Zonealarm Pro, NAV
> 2003, Firefox, Agent, DCPP...just reformatted and installed all maybe 2
days
> ago. However, today I got an alert from Zonealarm Pro sayinf "Windows
> Messenger is attempting to monitor your keystrokes and/or mouse
movements."
> Or something to that effect. Is this normal, or do I have a keystroke
> logger one day after completely wiping, reformatting, and reinstalling?
>
> TIA!!!
>
> -Ryan
>
##############################
It might not be normal but it's certainly possible.
donnie

Hmmm...any ideas on how to check and/or eliminate? Real newbie here.

Thanx again!!!
-Ryan
"Donnie" <queyosepa@quetejodas.net> wrote in message
news:haf8f.185488$qY1.84197@bgtnsc04-news.ops.worldnet.att.net...
>
> "Ryan" <ryancw@yahoo.com> wrote in message
> news:11ltkrhm27jhhe4@corp.supernews.com...
> > Hi all-
> >
> > This is probably an easy question to answer, but I'm pretty concerned,
so
> > here goes. On my home computer I am running XP SP2, Zonealarm Pro, NAV
> > 2003, Firefox, Agent, DCPP...just reformatted and installed all maybe 2
> days
> > ago. However, today I got an alert from Zonealarm Pro sayinf "Windows
> > Messenger is attempting to monitor your keystrokes and/or mouse
> movements."
> > Or something to that effect. Is this normal, or do I have a keystroke
> > logger one day after completely wiping, reformatting, and reinstalling?
> >
> > TIA!!!
> >
> > -Ryan
> >
> ##############################
> It might not be normal but it's certainly possible.
> donnie
>
>

"Ryan Wenzel" <ryancw@gci.net> wrote in message
news:11m37hb1b8b3194@corp.supernews.com...
> Hmmm...any ideas on how to check and/or eliminate? Real newbie here.
>
> Thanx again!!!
> -Ryan
##############################
I'm assuming it's a stand alone machine, that is, no other machines are
connnected as part of a network. If that's the case and there is a keystoke
logger runing, then it must be sending the information somewhere. Click
start, run, type cmd in the box and press enter. When you get to the
command prompt, type
netstat -an
and press enter. Do that with all windows closed, such as the browser, mail
and newsgroup windows.
Pay attention to the foreign address column. Note any established
connections, the IP address and the port. If you don't know how to read the
output , post it here and someone will help you.
The next thing or actually it could be the first is, look in the registry.
Click start, run, type regedit and press enter. When the box opens click on
the following plus signs
HKEY_LOCAL_MACHINE
Software
Microsoft
Windows
CurrentVersion
Then open the run folder. Look for things that don't belong. Again, if
you're not sure, post it here. Many trojans hide in that folder. The same
for HKEY_CURRENT_USER.
Also, run msconfig from the run box the same way. Check the startup,
advanced, win.ini, config.sys, autoexec.bat. Things can start from those
places too.
donnie