Re: Help!: What kind of virus/trojan survives a full OS reinstall?

From: Robert Moir (robspamtrap+msnews_at_gmail.com)
Date: 12/29/04


Date: Wed, 29 Dec 2004 12:19:53 -0000

entropy123 wrote:
> My first attempt was to completely reformat the desktop; give it a
> clean slate. However, after reformat the 100%/100% problem continues.
> (Laptop was not on and not connected to network). What kind of
> computer virus/trojan/exploit survives a fresh reinstall of the OS?

Several can survive a reformat; format is as much use as a virus-fighting
tool as a virus scanner is for erasing hard disks.

Based on what you've said - only the desktop connected to the network - I'd
suggest that either the compromised code is included in one of the things
you install as part of your setup routine, that the problem isn't malware
but a hardware fault (pretty damn unlikely given it's affecting two
dissimilar machine types) or the malware is being loaded across the network
before the machine is protected.

- Are you installing the OS while connected to the internet / your network?
If so, don't do this; re-install the OS, switch on the firewall and install
whatever patches and service packs you have around and only *then* connect
to the network.

- If the internal network connection works, then you can download PC
cleaning utilities / scanner updates to the Mac and transfer them to the
Windows PC without connecting the Windows PC to the internet... assuming you
have a fileshare set up on the PC you can use Finder on the Mac, I think it's
"Connect to Server" under the Go menu, and then use the following format for
the server address to connect to: smb://windowsPCipaddress/sharename (e.g.
if the Windows PC is at IP address 192.168.1.102 on your network and you
have set up a share named "entropy" then you'd type
smb://192.168.1.102/entropy)

-- 
Rob Moir, Microsoft MVP for servers & security
Website - http://www.robertmoir.co.uk
Virtual PC 2004 FAQ - http://www.robertmoir.co.uk/win/VirtualPC2004FAQ.html
Kazaa - Software update services for your Viruses and Spyware. 

