
How did this spyware get on my system???

Ozymandias

Junior Member
So I just installed a new hard drive on my wife's HP laptop. I installed the OS (XP SP2) and drivers with the HP recovery disk. Then I installed a couple other programs but nothing that carries spyware AFAIK. I was about a day late installing all the security updates so this is a possible entry point.

Somehow 2chkdsk has gotten on my system. Does anyone know how this malware / virus makes it onto systems?
 
It takes only a few minutes of unprotected surfing to get infected these days.

Security patches are a plus, but a good anti virus program and a good spyware program are a must!!!!!

Check the thread stickied for some great solutions/answers to what's best for you 🙂
 
This is why I install the security software (antivirus, firewall, anti spyware software) off my flash drive before hooking up the pc to download MS patches and stuff. Like Wolfsraider said, it only takes a few minutes...
 
The normal thing to do would be to simply remove 2chkdsk and move on.

But if you really want to find out how you got infected there may be a semi-scientific way to find out how you got burned.---but very definitely do not toss the word definitely around lightly. To more or less cover the universe of possibilities---I would list four possibilities.

(1) You may assume you got a new drive--but 2chkdsk could have been on the drive to begin with.
Normally the format process would over write and remove it. But some malware can survive the over write process once but seldom twice. And the drive might have been someone's RMA return.--repackaged and sold to you as brand new.---with the malware on the boot sector that does not get over written.----a pretty remote possibility but still a non zero possibility.

(2) Normally a HP reinstall disk contains more than just the drivers and the OS. And is loaded with 30 day trial offers, tons of annoying ads for various products, and a pile of other stuff---any one of which could contain the malware.---but if that were true---it would appear every time you reinstalled the HP restore disk.

(3) You had the malware inside of what you thought were safe programs.--again easy to test--just get rid of 2chkdsk--remove your supposedly safe programs---and then reinstall them.---does 2chkdsk now reappear on your computer?

(4) I assume you did your windows updates on line---and likely you had a ton of them to do. And during that time you are exposed on the internet with a less than fully patched machine---You did at least have the sp2 firewall up and running didn't you? The sp2 firewall may be a wimp but it's better than nothing. What other security measures did you have up and running? Did you have an active AV running?---what anti spyware programs that had some active protection did you have running? Did you at least tighten up the security settings in internet explorer before going on line? Did you have a process control app up and running before going on line? And that other question---did the computer in question access the internet under its own right---or did it do it as part of a network? But the likely infection scenario #4 is totally not replicatable--and is the most likely of the four.

But I am very thankful that when I bought a used PC---I took the time to pre-install from pre prepared cd-r---a decent security set up before I ever exposed it to the internet and my network. Because that used computer was completely infested with malware and would have spread the infection to every computer on my network.

It's easy to prepare such a security cd.---Just download and burn to cd-r

1. Your choice of a software firewall

2. Your choice of an active anti-virus

3. Your choices of anti-spyware apps---Ad-Aware by Lavasoft--and Spybot Search and Destroy should always be on it at minimum. I would also include SpywareBlaster.

4. At least one process control app---WinPatrol is a freebie that springs to mind.

And get those up and running right after you install the OS---even if you run them with old definitions, they will probably catch anything already on the PC. And after they are up and running---then it's a lot safer to visit the internet when you do visit windows updates--and do your other updates.

 
Thanks for all the replies. Yeah the computer was online and unprotected for about 24 hours, but it was behind the router...so I doubt a software firewall would have done a lot.

I didn't install any trial software or malware off the CD's...I am sure of it. However, I did install a version of MS Office from a questionable source so I think it possible that was infected. Another thing is I read that this virus spreads a lot through old versions of the Java plug-in.

So I guess those are the two likely sources. Anyway, I finally got it removed and all the security updates installed...so everything is all good. I am definitely not going to try to install that questionable version of Office again...it's not worth it. 🙂 Thanks for the tip though. I definitely think installing an antivirus before going online is going to be part of the procedure next time.
 
Originally posted by: OzzieGT
Thanks for all the replies. Yeah the computer was online and unprotected for about 24 hours, but it was behind the router...so I doubt a software firewall would have done a lot.

I didn't install any trial software or malware off the CD's...I am sure of it. However, I did install a version of MS Office from a questionable source so I think it possible that was infected. Another thing is I read that this virus spreads a lot through old versions of the Java plug-in.

So I guess those are the two likely sources. Anyway, I finally got it removed and all the security updates installed...so everything is all good. I am definitely not going to try to install that questionable version of Office again...it's not worth it. 🙂 Thanks for the tip though. I definitely think installing an antivirus before going online is going to be part of the procedure next time.

You could scan it with spyware/antivirus scans and see, but I definitely agree it's the most likely culprit 😉
 
On my latest clean build last month, I downloaded AutopatcherXP and got the latest HOSTS file before getting started. And I followed with my security apps, so my SP2 install was 98%+ secured before I plugged in my net tap.

But yeah, one "questionable" application install can make any secure machine vulnerable.
 