#1 (permalink) |
|
PCTT Articles
Join Date: Apr 2002
Location: Barcelona, SPAIN
Posts: 1,018
|
My aging laptop (Pentium III 600 MHz) needed an update quickly. It came with WinME and since I purchased it 4 years ago I didn't have to reinstall or anything. Of course I did clean the system carefully and tried to keep it in good shape. Lately I found that it was about time to do something more definitive; so I decided to install Windows 2000 SP4, because Windows XP is too much for this older computer.

I did a Norton Ghost image to an external disk just in case something goes wrong, and an additional manual copy of the whole drive to another external disk. I don't like surprises with my data. I had a Win2000 CD with SP4 slipstreamed. I installed the OS formatting the disk, then installed all the drivers that were necessary including the driver for my 802.11g PC-Card and set up the network. After that I installed all Windows Updates available (over 20 MB, hopefully my ADSL was much faster downloading the files than my computer installing them). And that was it.

Yesterday my wife was working with it and told me that Internet Explorer was launched at start up and a window popped up. I didn't think much about it, it may be one of the updates that needed to do something. But surprise, surprise! At night when I went to check it, the computer would not boot, it remained at the start up screen of Windows 2000. I tried a repair with the CD, but it didn't help (before I tried restoring last config, ran a full checkdisk from a BartCD...) When I ran out of ideas, I booted again from the BartCD and saved the updated documents to a USB memory, just in case. Then rebooted once again and left the computer while I went to check the files I just rescued. When I came back 15 minutes later Windows 2000 already had started, so I quickly looked at the system events and the Task Manager. I found a very nasty surprise in the Task Manager when I saw several *.pif processes along with some highly suspicious processes. I killed all of them and from there started a long night removing viruses and restoring the computer to a safe and clean state.

OK, I didn't install an antivirus (AVG for that matter). That was scheduled for a later stage, because the system was fully patched and no Internet browsing was going to be made until the AV was installed. My router does NAT, so I don't know how the hell those viruses managed to get in.
Unfortunately the IP of the notebook was set up as DMZ because before reinstalling it had a FW. That was probably the reason. Still I don't know how it's possible that a fully patched OS gets infected with all this sh*t so quickly even when you don't surf the web at all!!!
__________________
AMD64 X2 3800+, Asus A8N-SLI Deluxe, 2 GB RAM, GeForce 6600GT, Windows XP Home SP2 |
#4 (permalink) |
|
AdMiN oF RoCk!
Join Date: Mar 2003
Location: uk
Posts: 2,080
|
I've had similar problems in the past, because there are always more holes to patch than the latest service pack fixes.
My guess is you got hit with a worm in the time between going online with the machine and installing the last update/patching the last security hole, all too easily done. The only way I found of doing an install without getting caught is to run the PC in series behind a fully patched/updated/anti-virused/firewalled PC and do every single update, add a firewall and install and update anti-virus software BEFORE connecting it directly to your router/modem.
__________________
PcTechtalk.com Admin A7V8X xp2600 Barton SLK 97U, GeForce FX 5700, 1GB 2700DDR Ram Sony DVD -R/+R/RW, SB Live 5.1 Digital, 1 x 30gb 3 x 200GB 2x120GB 1 x 250GB HDD'S, 19" TFT Epson R265 HP NX6125 Laptop 1gb memory http://www.minotaur-computers.co.uk/ |