Guest
Hi,
This weekend my PC got infected with W32.spybot.worm and W32.randex.gen through mIRC. I then decided to solve this problem by formatting my HDD and reinstalling XP Home with a fresh install.
So, I formatted, I reinstalled XP, my drivers, Ad-Aware 6.0, Spybot S&D 1.3, Spy Sweeper and finally Norton Antivirus 2004 (demo version from a Maximum PC CD). At this point I created a restore point. Everything looked fine until I reinstalled my internet service.
First, I got the usual pop-ups, usually fixed with a Windows update. So, I went over the internet to the winupdate site. It's there that I again got the "mediaticket" browser hijack and the NAV alert saying that W32.spybot.worm was found in several files: winservicess.exe, wuam.exe, NAVSCAN64.exe, wuamgrd.exe, PDSched.exe.
Questions:
1- Is it possible that the virus survived after a format?
2- As W32.spybot.worm sends the IP address to an IRC server and opens a backdoor port, could it be that when I connected to the internet some backdoor allowed viral stuff to survive?
I tried the removal instructions from the Symantec site (http://securityresponse.symantec.com/avcenter/venc/data/pf/w32.spybot.worm.html) but when I am in Safe Mode, NAV doesn't make the scan: nothing happens when I click on scan.
So that's where I am. I am thinking of taking that restore point I created and contacting my internet provider to give me another internet installation kit with a new IP and username, etc.
Another question: I activated my XP Home after creating the system restore point... if I restore XP Home, will I have to reactivate XP?
Any help, comments?