WUGNET, the Windows User Group Network

How does this malware target the system?

 
Victek

External


Since: Jun 05, 2008
Posts: 8



(Msg. 1) Posted: Sun Jun 22, 2008 8:32 am
Post subject: How does this malware target the system?
Archived from groups: alt>comp>anti-virus

I recently reinstalled Windows XP for a customer with a badly infected
system. I didn't do a repair - I deleted the partition and did a complete
reinstall. The first time I opened Internet Explorer 6 on the system I got
a pop-up for XP Antivirus 2008, which the customer was getting before the
reinstall. When this happened the system already had SP2 and Trend Micro
2008 fully updated. Is it possible for this malware to hide somewhere and
survive a complete reinstall? Is the customer's IP address being
targeted? Poisoned DNS? Any ideas appreciated.
Sohtyaelehtreklats

External


Since: Jun 22, 2008
Posts: 2



(Msg. 2) Posted: Sun Jun 22, 2008 9:14 am
Post subject: Re: How does this malware target the system?

You did a clean install; was it a clean install that included SP2, or was SP2
installed after the install? If the former, then it could be DNS. Or did you
restore any backed-up files you made before the install? If so, then they may
have been infected.


--
Stalking is a Crime
Stalking charges are serious and
almost every state now has a strict stalking law.




"Victek" <Victek.TakeThisOut@invalid.invalid> wrote in message
news:g3lram$kg4$1@registered.motzarella.org...
>I recently reinstalled Windows XP for a customer with a badly infected
>system. I didn't do a repair - I deleted the partition and did a complete
>reinstall. The first time I opened Internet Explorer 6 on the system I got
>a pop-up for XP Antivirus 2008, which the customer was getting before the
>reinstall. When this happened the system already had SP2 and Trend Micro
>2008 fully updated. Is it possible for this malware to hide somewhere and
>survive a complete reinstall? Is the customer's IP address being
>targeted? Poisoned DNS? Any ideas appreciated.
Bullwinkle

External


Since: Nov 05, 2006
Posts: 12



(Msg. 3) Posted: Sun Jun 22, 2008 4:19 pm
Post subject: Re: How does this malware target the system?

Did you format the disk before installing Windows XP? If you didn't, you only
deleted the directory where Windows sits.

If you want to do a clean install you need to format the disk during the
install.

Regards,

"Victek" <Victek RemoveThis @invalid.invalid> wrote in message
news:g3lram$kg4$1@registered.motzarella.org...
>I recently reinstalled Windows XP for a customer with a badly infected
>system. I didn't do a repair - I deleted the partition and did a complete
>reinstall. The first time I opened Internet Explorer 6 on the system I got
>a pop-up for XP Antivirus 2008, which the customer was getting before the
>reinstall. When this happened the system already had SP2 and Trend Micro
>2008 fully updated. Is it possible for this malware to hide somewhere and
>survive a complete reinstall? Is the customer's IP address being
>targeted? Poisoned DNS? Any ideas appreciated.
Victek

External


Since: Jun 05, 2008
Posts: 8



(Msg. 4) Posted: Sun Jun 22, 2008 8:15 pm
Post subject: Re: How does this malware target the system?

> Did you format the disk before installing Windows XP? If you didn't, you
> only deleted the directory where Windows sits.
>
> If you want to do a clean install you need to format the disk during the
> install.
>
> Regards,
>
I deleted the partition (actually two partitions), created a new partition
and "quick formatted". Quick formatting was possible because the two old
partitions were NTFS. It's a lot faster, but I know it doesn't actually go
through and overwrite every sector.
Gaz

External


Since: Aug 07, 2005
Posts: 66



(Msg. 5) Posted: Sun Jun 22, 2008 9:57 pm
Post subject: Re: How does this malware target the system?

Bullwinkle wrote:
> Did you format the disk before installing Windows XP? If you didn't,
> you only deleted the directory where Windows sits.
>
> If you want to do a clean install you need to format the disk during
> the install.
>
> Regards,
>

The OP said he did a format and a clean install.

Gaz
Gaz

External


Since: Aug 07, 2005
Posts: 66



(Msg. 6) Posted: Sun Jun 22, 2008 9:59 pm
Post subject: Re: How does this malware target the system?

Victek wrote:
> I recently reinstalled Windows XP for a customer with a badly infected
> system. I didn't do a repair - I deleted the partition and did a
> complete reinstall. The first time I opened Internet Explorer 6 on
> the system I got a pop-up for XP Antivirus 2008, which the customer
> was getting before the reinstall. When this happened the system
> already had SP2 and Trend Micro 2008 fully updated. Is it possible
> for this malware to hide somewhere and survive a complete reinstall? Is
> the customer's IP address being targeted? Poisoned DNS? Any
> ideas appreciated.

A few questions.

i) Did the install come with SP2, or did you do an SP2 upgrade after
installation?
ii) Does the computer connect to the internet through a router?

Gaz
Victek

External


Since: Jun 05, 2008
Posts: 8



(Msg. 7) Posted: Sun Jun 22, 2008 9:59 pm
Post subject: Re: How does this malware target the system?

>> I recently reinstalled Windows XP for a customer with a badly infected
>> system. I didn't do a repair - I deleted the partition and did a
>> complete reinstall. The first time I opened Internet Explorer 6 on
>> the system I got a pop-up for XP Antivirus 2008, which the customer
>> was getting before the reinstall. When this happened the system
>> already had SP2 and Trend Micro 2008 fully updated. Is it possible
>> for this malware to hide somewhere and survive a complete reinstall? Is
>> the customer's IP address being targeted? Poisoned DNS? Any
>> ideas appreciated.
>
> A few questions.
>
> i) Did the install come with SP2, or did you do an SP2 upgrade after
> installation?
> ii) Does the computer connect to the internet through a router?
>
> Gaz
SP2 was included in the OS CD, not added afterward. Regarding the install I
deleted two smaller partitions, created one new large partition and quick
formatted it with NTFS.

The computer connected directly to a DSL modem. The included XP firewall
was turned ON. At the time I didn't think to go into the modem settings to
see if they had been messed with.
Gaz

External


Since: Aug 07, 2005
Posts: 66



(Msg. 8) Posted: Tue Jun 24, 2008 7:13 pm
Post subject: Re: How does this malware target the system?

Victek wrote:
>>> I recently reinstalled Windows XP for a customer with a badly
>>> infected system. I didn't do a repair - I deleted the partition
>>> and did a complete reinstall. The first time I opened Internet
>>> Explorer 6 on the system I got a pop-up for XP Antivirus 2008,
>>> which the customer was getting before the reinstall. When this
>>> happened the system already had SP2 and Trend Micro 2008 fully
>>> updated. Is it possible for this malware to hide somewhere and
>>> survive a complete reinstall? Is the customer's IP address being
>>> targeted? Poisoned DNS? Any ideas appreciated.
>>
>> A few questions.
>>
>> i) Did the install come with SP2, or did you do an SP2 upgrade after
>> installation?
>> ii) Does the computer connect to the internet through a router?
>>
>> Gaz
> SP2 was included in the OS CD, not added afterward. Regarding the
> install I deleted two smaller partitions, created one new large
> partition and quick formatted it with NTFS.
>
> The computer connected directly to a DSL modem. The included XP
> firewall was turned ON. At the time I didn't think to go into the
> modem settings to see if they had been messed with.

Some versions of Java, which might come preinstalled on some manufacturers'
XP CDs, were susceptible to such infections without any further intervention
by the user.

The use of a USB modem, of course, even with the SP2 firewall on, exposes an
unpatched IE6 in a way that a router wouldn't.

Gaz