I had a massive problem with a fresh reinstall on a brand new 80GB HDD.
Windows would start and it would automatically connect to the net, and when
I right clicked on the flashing icon in the bottom right hand corner it had
uploaded 5MB of data in 6 minutes. To make things worse it had blocked off any
data I wanted, so any URLs, emails etc. came back as "page not found".
I did a scan with Norton, Sophos and Trend antivirus, nothing detected. I
have Zone Labs firewall, nothing detected.
In the windows task manager I had no suspicious applications running.
I formatted the hard drive and the same thing happened after a day.
I formatted again, this time writing 0s to the hard drive, and everything was OK. I made
a custom CD that would automatically install Service Pack 2 and
integrated it into the Win XP setup program, so when I installed Win XP it
would automatically apply all the updates.
Once Windows had installed I set up my network (a local direct cable LAN) and
firewall (I have ZoneAlarm).
When I downloaded MSN Messenger 6.2 I noticed that there was a lot of data
being uploaded and my ZoneAlarm program kept on asking permission for
msnmsgr.exe to use the connection. A lot of the sites I was trying to
access didn't work.
I also have Java Web Start installed as some of the sites I need don't work
without it.
I also had Ares installed but it wasn't running.
I did a system restore back to when the system was running fine.
I went to Windows Update, but as I had SP2 I already had all the critical updates.
This is where it starts to get interesting.
The antivirus programs I used were Norton and Sophos; nothing detected.
I went to this site http://www.ravantivirus.com/ after reading a Google
post and it picked up the following:
C:\Documents and Settings\a\Local Settings\Application Data\Identities\{04C09266-D5CA-493B-8B52-C53243EEC5DC}\Microsoft\Outlook Express\Deleted Items.dbx->Message.16: ( [Returned mail: Data format error])->(part0002:message.zip)->message.scr - Win32/Mydoom.L@mm -> Infected
D:\RECYCLER\S-1-5-21-299502267-1993962763-1957994488-1003\De8\Inbox.dbx->Message.1074: ("peterstaveley" [Eager to see you])->(part0002:HILL CO.exe) - Win32/Klez.H@mm -> Infected
Scanned
============================
Objects: 17313
Directories: 1423
Archives: 1010
Size(Kb): 638188
Infected files: 12
Found
============================
Viruses found: 6
Suspicious files: 0
Disinfected files: 0
Mail files: 37958
Why did this program detect the virus in store files but not any registry
changes? To add insult to injury, they no longer offer software, having been
acquired by M$.
Questions I am now faced with:
1) How do I get rid of the damn thing, including all reg changes?
1b) After doing a Google search, the virus is named Mydoom.A@mm; mine has
Mydoom.L@mm. What is the difference?
2) What is the best antivirus program? Clearly Norton and Sophos didn't do a
good job.
3) Is there a program that tells you where this uploaded data is going and
who is responsible?
Thanks!
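An added example, not part of the post above: a small parser for the RAV report lines quoted in it (re-joined onto single lines, since the forum wrapped them). It splits each hit into the outermost container, the mail subject, the innermost attachment and the signature name, and flags hits that live inside an Outlook Express .dbx mail store, which are stored attachments rather than evidence that the program ran. The `Detection` record and `triage()` function are this example's own names.

```python
import re
from dataclasses import dataclass

# Detection lines copied from the scan report in the post, one per line.
REPORT = r"""
C:\Documents and Settings\a\Local Settings\Application Data\Identities\{04C09266-D5CA-493B-8B52-C53243EEC5DC}\Microsoft\Outlook Express\Deleted Items.dbx->Message.16: ( [Returned mail: Data format error])->(part0002:message.zip)->message.scr - Win32/Mydoom.L@mm -> Infected
D:\RECYCLER\S-1-5-21-299502267-1993962763-1957994488-1003\De8\Inbox.dbx->Message.1074: ("peterstaveley" [Eager to see you])->(part0002:HILL CO.exe) - Win32/Klez.H@mm -> Infected
"""

@dataclass
class Detection:
    container: str       # outermost file the scanner opened (here a .dbx store)
    subject: str         # mail subject shown in [ ... ], empty if none
    attachment: str      # innermost object the signature matched on
    threat: str          # scanner's signature name
    status: str          # scanner's verdict
    in_mail_store: bool  # True = attachment sitting inside a mail database

PART_RE = re.compile(r"^\(part\d+:(.+)\)$")   # (part0002:name) wrapper
SUBJECT_RE = re.compile(r"\[(.*?)\]")         # [Subject] inside the message element

def parse_line(line: str) -> Detection:
    # Layout: <chain> - <threat> -> <status>. The chain itself uses '->'
    # between nested objects, so peel the tail off from the right first.
    chain_and_threat, status = line.rsplit(" -> ", 1)
    chain, threat = chain_and_threat.rsplit(" - ", 1)
    parts = chain.split("->")
    container = parts[0]
    m_subj = SUBJECT_RE.search(parts[1]) if len(parts) > 1 else None
    inner = parts[-1]
    m_part = PART_RE.match(inner)
    attachment = m_part.group(1) if m_part else inner
    return Detection(container, m_subj.group(1) if m_subj else "", attachment,
                     threat, status, container.lower().endswith(".dbx"))

def parse_report(text: str) -> list:
    return [parse_line(l) for l in text.strip().splitlines() if " -> " in l]

def triage(text: str) -> dict:
    """Separate mail-store hits (clean up by deleting/compacting the mailbox)
    from on-disk hits (which need a real disinfection check)."""
    dets = parse_report(text)
    return {"mail_store": [d for d in dets if d.in_mail_store],
            "on_disk": [d for d in dets if not d.in_mail_store]}

if __name__ == "__main__":
    for d in parse_report(REPORT):
        print(f"{d.threat:20} {d.attachment:15} store={d.in_mail_store} [{d.subject}]")
```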