How does this malware target the system?

I recently reinstalled Windows XP for a customer with a badly infected
system.  I didn't do a repair - I deleted the partition and did a complete
reinstall.  The first time I opened Internet Explorer 6 on the system I got
a pop-up for XP Antivirus 2008, which the customer was getting before the
reinstall.  When this happened the system already had SP2 and Trend Micro
2008 fully updated.  Is it possible for this malware to hide somewhere and
survive a complete reinstall?  Is the customer's IP address being
targeted?  Poisoned DNS?  Any ideas appreciated.


Re: How does this malware target the system?

You did a clean install; was it a clean install that included SP2, or was SP2
installed after the install? If the former then it could be DNS. Or did you
restore any backed-up files you made before the install? If so then they may
have been infected.


--
Stalking is a Crime
Stalking charges are serious and
almost every state now has a strict stalking law.






Re: How does this malware target the system?

Did you format the disk before installing Windows XP? If you didn't, you only
deleted the directory where Windows sits.

If you want to do a clean install you need to format the disk during the
install.

Regards,




Re: How does this malware target the system?

Bullwinkle wrote:

The OP said he did a format and a clean install.

Gaz



Re: How does this malware target the system?


I deleted the partition (actually two partitions), created a new partition
and "quick formatted".  Quick formatting was possible because the two old
partitions were NTFS.  It's a lot faster, but I know it doesn't actually go
through and overwrite every sector.


Re: How does this malware target the system?

Victek wrote:

A few questions.

i) Did the install come with SP2, or did you do an SP2 upgrade after
installation?
ii) Does the computer connect to the internet through a router?

Gaz



Re: How does this malware target the system?

SP2 was included in the OS CD, not added afterward.  Regarding the install I
deleted two smaller partitions, created one new large partition and quick
formatted it with NTFS.

The computer connected directly to a DSL modem.  The included XP firewall
was turned ON.  At the time I didn't think to go into the modem settings to
see if they had been messed with.


Re: How does this malware target the system?

Victek wrote:

Some versions of Java, which might come preinstalled on some manufacturers'
XP CDs, were susceptible to such infections without any further intervention
by the user.

The use of a USB modem of course, even with the SP2 firewall on, exposes an
unpatched IE6 in a way that a router wouldn't.

Gaz



Re: How does this malware target the system?

On this special day, Victek wrote:


My sister had pop-ups of the fakealert kind although the Microsoft
Messenger was de-activated, after hitting the wrong button once in a
message box; and I had a hard time getting the trojan off her machine.

The message that made her download the trojan was accessed via Google
Toolbar, or more precisely its chat line.


Gabriele Neukam

Gabriele.Spamfighter.Neukam@t-online.de

--
the difference is in the eye of the beholder... even history is not an
impartial judge, as it is written by the victors...
-
Kurt Wismer in alt.comp-anti-virus



Re: How does this malware target the system?

Gabriele Neukam wrote:

I suggest you eliminate the Google toolbar. Use only the toolbar built
into the browser (it's actually just another bookmark folder.) As for
chat lines, and other such programs - they are dangerous, as your friend
found out. I don't have any access to chat rooms, instant messengers,
etc, on this machine for that reason. If I want to talk to someone,
I'll use a Real phone. Much more pleasant, IMO.

_Never_ install a 3rd party toolbar. Unfortunately, a lot of software by
default installs one or another of these.

--
wolf k.
