Help!: What kind of virus/trojan survives a full OS reinstall?


entropy123

Hi all,

The symptoms: When connected to the internet my desktop runs at 100%
cpu usage and 100% network usage. There are no indications of which
process is actually using 100% CPU. Whatever is wrong with my desktop
is now wrong with my laptop - they both run winxp and are connected to
the same router. If I disconnect the router from the cable modem both
computers continue to run at 100%/100% - disconnect the network cables
- or disable the connection - and the problem goes away.

Right now I am writing this on my wife's mac - it is also connected to
router but works just fine. There is no burner/storage device attached
to this mac so I cannot get the latest spybot/adaware/norton updates.
My norton is 3 days old and the adaware/spybot are over a month old -
don't detect anything.

My first attempt was to completely reformat the desktop; give it a
clean slate. However, after reformat the 100%/100% problem continues.
(Laptop was not on and not connected to network). What kind of computer
virus/trojan/exploit survives a fresh reinstall of the OS?
Any advice appreciated,
ent
 
Methinks you need some hands-on technical help.
There's no such thing as formatting the Desktop - you format the whole
drive.
First disconnect any other PC from the router - or remove it from the
circuit to isolate your PC.
Then reinstall the complete new OS (with your PC disconnected from the
internet).
Then install SP2; make sure your AV is fully up to date & working correctly,
then & only then, connect it to your other PCs & Internet.
If you actually did a full reinstall, it appears you have something
undesirable on one of the other computers, which it's picking up from
there via the router.
 
entropy123 said:
My first attempt was to completely reformat the desktop; give it a
clean slate. However, after reformat the 100%/100% problem continues.
(Laptop was not on and not connected to network). What kind of
computer virus/trojan/exploit survives a fresh reinstall of the OS?

Several can survive a reformat; format is as much use as a virus fighting
tool, as a virus scanner is for erasing hard disks.

Based on what you've said - only the desktop connected to the network - I'd
suggest that either the compromised code is included in one of the things
you install as part of your setup routine, that the problem isn't malware
but a hardware fault (pretty damn unlikely given it's affecting two
dissimilar machine types) or the malware is being loaded across the network
before the machine is protected.

- are you installing the OS while connected to the internet / your network?
If so, don't do this; re-install the OS, switch on the firewall and install
whatever patches and service packs you have around and only *then* connect
to the network.

- if the internal network connection works, then you can download PC
cleaning utilities / scanner updates to the Mac and transfer them to the
Windows PC without connecting the Windows PC to the internet... assuming you
have a fileshare set up on the PC you can use Finder on the Mac, I think it's
"connect to server" under the go menu, and then use the following format for
the server address to connect to: smb://windowsPCipaddress/sharename (e.g.
if the Windows PC is at IP address 192.168.1.102 on your network and you
have set up a share named "entropy" then you'd type
smb://192.168.1.102/entropy)


--
Rob Moir, Microsoft MVP for servers & security
Website - http://www.robertmoir.co.uk
Virtual PC 2004 FAQ - http://www.robertmoir.co.uk/win/VirtualPC2004FAQ.html

Kazaa - Software update services for your Viruses and Spyware.
 
Methinks you need some hands-on technical help.
There's no such thing as formatting the Desktop - you format the whole
drive.
He meant the "desktop computer", I think. He has a desktop and a
laptop.

Cheers,

Cliff
 
I too had a similar problem on a client's computer. I used Partition Magic
boot disks to format the HDD to Linux partitions and then to a FAT16 partition.
Installed from the Windows CD and let Windows convert the drive and space to NTFS.
Also, use Robert's advice about installing with the computer disconnected from
the network/router until you have some "Security". No Fun, Good Luck!!!
 
