Virus on Fresh Install?

b4u

Golden Member
Nov 8, 2002
Good Evening,

I made a format and fresh install of Win2000 Pro with Office XP. After installing SP4 on Win2000 Pro plus WinUpdate on Win2000 and Office, I installed Norton Internet Security 2003.

After running all updates on Norton, and after a few restarts, I received the pop-up message:

Norton AntiVirus has detected a virus on your computer

Object Name: C:\WINNT\system32\drivers\svchost.exe
Virus Name: W32.Welchia.B.Worm
Action Taken: Unable to repair this file.


How could that be? Anyone found something similar?
 

n0cmonkey

Elite Member
Jun 10, 2001
It happens all of the time. People don't have themselves behind a firewall, don't install anti-viruses and updates before they connect to the net, and think that everything will be fine. It doesn't necessarily work like that.
 

bsobel

Moderator Emeritus, Elite Member
Dec 9, 2001
Originally posted by: n0cmonkey
It happens all of the time. People don't have themselves behind a firewall, don't install anti-viruses and updates before they connect to the net, and think that everything will be fine. It doesn't necessarily work like that.

Yep. You need to install 2k, then NIS, and then plug the network cable in and connect. The average time for an infectible computer on a dsl/cable modem to get hit is minutes, and it can take a good hour to get all the MS patches.
Bill
 

bunker

Lifer
Apr 23, 2001
And don't forget to download the latest virus sigs before you reload your system so you can apply them before connecting to the net again as well.
 

RickyRoma

Home use routers running NAT are dirt cheap. You should get one to avoid these types of problems.
 

Caveman

Platinum Member
Nov 18, 1999
Originally posted by: bsobel
Originally posted by: n0cmonkey
It happens all of the time. People don't have themselves behind a firewall, don't install anti-viruses and updates before they connect to the net, and think that everything will be fine. It doesn't necessarily work like that.

Yep. You need to install 2k, then NIS, and then plug the network cable in and connect. The average time for an infectible computer on a dsl/cable modem to get hit is minutes, and it can take a good hour to get all the MS patches.
Bill

What is "NIS"
 

bsmithy

Senior member
Oct 24, 2003
Originally posted by: RickyRoma
Home use routers running NAT are dirt cheap. You should get one to avoid these types of problems.

I wanted one that would support my ADSL connection, but those are like £100 ($180).
 

bsobel

Moderator Emeritus, Elite Member
Dec 9, 2001
Originally posted by: Caveman
What is NIS and NAT?

NIS is Norton Internet Security, the firewall application he mentioned he was using. NAT is network address translation; it's actually PAT that they are referring to (port address translation), which is what is implemented by the low-end firewall/router devices he mentioned.

Bill
 

b4u

Golden Member
Nov 8, 2002
Hi,

Thanks for the replies.

I now have one question: to be infected through the internet, I must download and install something ... I only installed the modem to update through windows update page and office update page ... I mean there is not such a thing as a living being called virus wandering through the internet looking for computers connected, so there is no chance of me getting infected.

The strangest thing, though, is that the file NIS told me it contained virus, and that he couldn't fix, isn't infected ... I mean, the entire system seems to be virus free after a full scan ... my-oh-my seems the Antivirus got a bit mixed ...
 

bsobel

Moderator Emeritus, Elite Member
Dec 9, 2001

Originally posted by: b4u
to be infected through the internet, I must download and install something ...

Wrong, you only needed to be connected with a vulnerable system.

Originally posted by: b4u
I mean there is not such a thing as a living being called virus wandering through the internet looking for computers connected, so there is no chance of me getting infected.

Wrong again (well, it's not technically living ;)) but these worms are out searching for new machines to infect all the time.

Originally posted by: b4u
The strangest thing, though, is that the file NIS told me it contained virus, and that he couldn't fix, isn't infected ... I mean, the entire system seems to be virus free after a full scan ... my-oh-my seems the Antivirus got a bit mixed ...

You got a worm, a memory-resident attack. So once you patched and NIS deleted any files the worm dropped, the in-memory version was killed when you rebooted.

Bill


 

b4u

Golden Member
Nov 8, 2002
Originally posted by: bsobel
to be infected through the internet, I must download and install something ...
Wrong, you only needed to be connected with a vulnerable system.

Bill

Yes, but to be vulnerable, I must run some software that (for example) open/listen some comm port ... or there would be no way in ...


But I believe I beat the crap out of him now! I have one licence of NIS2003, so I have it installed on 1 PC (the only one connected to the internet on the LAN, and internet connection NOT shared).

Question:

Do I have any way of making a diskette with some "scan" software so I can run it on other computers? I have made full scan of the files on the other computers on the LAN, by sharing their drives and scanning through the network. That would identify (and it did) the infected files.

I then downloaded the tools from Symantec to kill the damn viruses, and ran them on each computer. It removed every trace ... but that network scan I made didn't scan the memory from each computer, so I would be more safe if I could create a scan diskette (with the latest virus def I have on the PC with NIS), and scanning each computer individually.

Any ideas?
 

bsobel

Moderator Emeritus, Elite Member
Dec 9, 2001

Originally posted by: b4u
Yes, but to be vulnerable, I must run some software that (for example) open/listen some comm port ... or there would be no way in ...

Your OS is happy to do that for you. The vulnerability that was exploited on your box was due to a service the OS was running and listening on a port. You didn't need to install anything else.

Originally posted by: b4u
I then downloaded the tools from Symantec to kill the damn viruses, and ran them on each computer. It removed every trace ... but that network scan I made didn't scan the memory from each computer, so I would be more safe if I could create a scan diskette (with the latest virus def I have on the PC with NIS), and scanning each computer individually.

A reboot would have removed it from memory. So if the clean tools don't report anything, you should be fine.

Bill
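
An added illustration of the point above, not part of the thread: a stock install already has OS services listening on ports, and `netstat -an` shows which of them are reachable from the network rather than only from the machine itself. The sample output and the function names below are constructed for this example.

```python
import ipaddress

# Constructed sample of Windows `netstat -an` output (not taken from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1045      203.0.113.7:80         ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    127.0.0.1:1900         *:*
"""

def parse_listeners(netstat_text):
    """Return (proto, address, port) for each listening TCP or bound UDP socket."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local = fields[0], fields[1]
        if proto == "TCP" and fields[-1] != "LISTENING":
            continue  # outbound or established connection, not a listener
        host, _, port = local.rpartition(":")
        listeners.append((proto, host.strip("[]"), int(port)))
    return listeners

def network_reachable(listeners):
    """Keep sockets bound to a non-loopback address, sorted by protocol and port."""
    exposed = []
    for proto, host, port in listeners:
        try:
            loopback = ipaddress.ip_address(host).is_loopback
        except ValueError:
            loopback = False  # unparseable address: report it rather than hide it
        if not loopback:
            exposed.append((proto, host, port))
    return sorted(exposed, key=lambda entry: (entry[0], entry[2]))

if __name__ == "__main__":
    for proto, host, port in network_reachable(parse_listeners(SAMPLE_NETSTAT)):
        print(f"{proto:4} {host}:{port} accepts traffic from the network")
```

Anything this reports on a machine plugged straight into a DSL or cable modem is what a firewall or NAT router would otherwise be shielding.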
 

drag

Elite Member
Jul 4, 2002
This sort of thing sucks, eh?

I think the best thing to do is to download all the critical updates and burn them to a CD-ROM. Then when you reinstall you install the updates first thing, get on the internet and download and install the virus scanner. This is about the only way I'd do it if I didn't have a router to protect me.

If a router is too expensive to buy you can build one easy enough with a spare CPU box with one of the varieties of router/firewall-specific Linux distro. Anything over 133 MHz + 32 megs works great for a router (differs from distro to distro due to differing features). That'll keep those nasty worms out, and if you have some obsolete hardware laying around then the only cost would be from the extra NIC card.