Fastest Virus Infection Evar



Spr0k3t
April 22nd, 2011, 02:00 PM
Working on a few laptops the other day and doing a re-install on one. I'm not sure how this is even possible.

http://www.facebook.com/photo.php?pid=8531032&l=5e4d9d3cc3&id=558547993

(The link is public, so even if you don't have an account there, you can still view it).

gnomeuser
April 22nd, 2011, 02:18 PM
I remember a couple of years back The New York Times ran a test which showed that a Windows XP machine connected to the Internet got infected within 5 minutes, or less time than it would typically take to download the updates that closed the security holes.

I suspect this was done prior to a version of Windows with the firewall enabled by default but I doubt the landscape has changed that much for XP in this respect. There is going to be a window where you are open to attack while updating.

stealth.
April 22nd, 2011, 02:28 PM
:popcorn:

walt.smith1960
April 22nd, 2011, 02:50 PM
I'm certain it's not perfect but when I do a Windows install, behind a router which should help, I run the Avast setup from a USB key before establishing an internet connection then run updates first thing. It's not a perfect solution but I don't know what else is practical if I have to run Windows connected to the internet. For what I use Windows for I don't need an internet connection so I unplug the WiFi adapter before starting Windows. Simple solution. Ubuntu for online stuff.

soluckytouselinux
April 22nd, 2011, 02:51 PM
Hi. Isn't this that virus from Russia? I saw this on TV. It's just an animation that is run. One more reason not to use Microblow.

Tigersmind
April 22nd, 2011, 03:26 PM
Yeah, I would dare say you won the contest.
Yeesh, I love my Linux.


Edit:
Do you mind if I use that as a FAIL picture?

wolfen69
April 22nd, 2011, 03:35 PM
I'm sure it is a pirated copy that had the infection built in. It is impossible to get a pop-up during installation of a legit copy.

Spr0k3t
April 22nd, 2011, 03:48 PM
The copy of the disc was an OEM licensed copy of a Dell XP Home SP2 distributed disc. I've used the disc hundreds of times before without this problem.

The virus is really nothing much more than a rogue pretending to show you have a virus. Yes, the animated image from Russia (with love).

user1397
April 22nd, 2011, 04:00 PM
I've definitely never seen one like that before

aaaantoine
April 22nd, 2011, 07:05 PM
Were you behind a router or were you connected straight to the Internet?

wolfen69: The progress screen says "Installing Devices", so it has a working Internet connection by this time. Also I believe (though I'm in no way certain) that XP tries to find drivers for hardware online while installing.

leviathan8
April 22nd, 2011, 07:20 PM
This picture is worth more than a thousand words. :p

Junosix
April 22nd, 2011, 07:43 PM
Is that a fresh install or a "reinstall over the top of itself" install of an already infected system?

el_koraco
April 22nd, 2011, 07:51 PM
Is that a fresh install or a "reinstall over the top of itself" install of an already infected system?


Probably the latter, and probably a back door trojan.

jerenept
April 22nd, 2011, 08:10 PM
I think that Adobe's flagship product has something to do with that picture.

fuduntu
April 22nd, 2011, 08:23 PM
Working on a few laptops the other day and doing a re-install on one. I'm not sure how this is even possible.

http://www.facebook.com/photo.php?pid=8531032&l=5e4d9d3cc3&id=558547993

(The link is public, so even if you don't have an account there, you can still view it).

Reinstalling XP over an infected version of XP just caused the newer install to get infected too; it'll be an endless cycle, as that is the wrong way to recover an infected machine. Take the hard drive out, put it in an external USB case, scan it from a clean machine with a good (and up to date) virus scanner, remove all of the viruses etc. from it, and then put it back in the machine and reinstall XP.

Note: Windows XP is no longer supported; you should probably upgrade it to a supported version of Windows.

KiwiNZ
April 22nd, 2011, 09:00 PM
I think that Adobe's flagship product has something to do with that picture.

The background screen script does not seem to match. The right side does not seem to correlate to the left side. :-\"

Or

Maybe Format C: should have been used on an already infected machine before a re-install was attempted.

lisati
April 22nd, 2011, 09:03 PM
Maybe Format C: should have been used on an already infected machine before a re-install was attempted.
Quite possibly one of the more effective methods of disinfecting a machine. :D

Giant Speck
April 22nd, 2011, 09:24 PM
I think that Adobe's flagship product has something to do with that picture.
I can tell from the pixels.

aaaantoine
April 22nd, 2011, 09:33 PM
Note: Windows XP is no longer supported; you should probably upgrade it to a supported version of Windows.

Really? I'm still getting updates.

CharlesA
April 22nd, 2011, 09:36 PM
Note: Windows XP is no longer supported; you should probably upgrade it to a supported version of Windows.

It's still supported until 2014.

http://support.microsoft.com/lifecycle/?LN=en-gb&C2=1173

doas777
April 22nd, 2011, 09:41 PM
I'm certain it's not perfect but when I do a Windows install, behind a router which should help, I run the Avast setup from a USB key before establishing an internet connection then run updates first thing. It's not a perfect solution but I don't know what else is practical if I have to run Windows connected to the internet. For what I use Windows for I don't need an internet connection so I unplug the WiFi adapter before starting Windows. Simple solution. Ubuntu for online stuff.
I used to do that, until one of the boxes rooted my flash drive. It took me a couple hours to realize why that brand new build was already infected.

fuduntu
April 22nd, 2011, 09:59 PM
It's still supported until 2014.

http://support.microsoft.com/lifecycle/?LN=en-gb&C2=1173

Sure, it is in extended support. That means that they will fix things at their leisure. It is not mainstream support. :)

Timmer1240
April 22nd, 2011, 10:01 PM
I would probably use DBAN on the hard drive and wipe it out before I did a fresh install. Dang, XP is vulnerable though! I remember one time I got infected with a virus called VX; dang, that thing was hard to get rid of! I've been through many battles with Windows nasties. Actually I like to fix them, but that was the thing that led me to Linux. It's almost as if I'm bulletproof now!

CharlesA
April 22nd, 2011, 10:17 PM
Sure, it is in extended support. That means that they will fix things at their leisure. It is not mainstream support. :)

Seems they are pretty much the same in regards to security updates.

wolfen69
April 22nd, 2011, 10:35 PM
Reinstalling XP over an infected version of XP just caused the newer install to get infected too; it'll be an endless cycle, as that is the wrong way to recover an infected machine. Take the hard drive out, put it in an external USB case, scan it from a clean machine with a good (and up to date) virus scanner, remove all of the viruses etc. from it, and then put it back in the machine and reinstall XP.

Well not quite. Why on earth would you go through all that? Simply delete the partition and reformat before installing. After backing everything up with a live cd of course. Much more efficient in most cases.

fuduntu
April 22nd, 2011, 10:40 PM
Well not quite. Why on earth would you go through all that? Simply delete the partition and reformat before installing. After backing everything up with a live cd of course. Much more efficient in most cases.

You could do that, unless you needed the data. You don't back anything up while it's still infected, or you become a prime candidate for re-infection.

Spr0k3t
April 22nd, 2011, 11:09 PM
Were you behind a router or were you connected straight to the Internet?

Behind a router, no internet on that network. Primary reason is to keep those computer systems which are already infected from sending out more infections. Sometimes it's fun to see them all talking to each other.

fuduntu
April 22nd, 2011, 11:19 PM
Seems they are pretty much the same in regards to security updates.

Fixing at their leisure? hah!

Well, the OS was released in 2001, it's time to put it out to pasture. Microsoft's latest OS is much better, and much more secure.

Spr0k3t
April 22nd, 2011, 11:32 PM
Reinstalling XP over an infected version of XP just caused the newer install to get infected too; it'll be an endless cycle, as that is the wrong way to recover an infected machine. Take the hard drive out, put it in an external USB case, scan it from a clean machine with a good (and up to date) virus scanner, remove all of the viruses etc. from it, and then put it back in the machine and reinstall XP.

Note: Windows XP is no longer supported; you should probably upgrade it to a supported version of Windows.

Done that five times over. The drive was pulled and scanned with many different scanners (not a USB enclosure, that would have taken days). F-Prot, Kaspersky, Trend Micro, Avast Pro, ClamAV, and a gamut of others. The drive was scrubbed to the bone... the system was running, but the network connection was intermittent at times. Tried pulling out the NDIS lower and upper filters by hand and rebuilding them... but it didn't work. Repairing the install was the dirty way out, yes... but the results were hilarious as you can see. Also, the system is so old, there is no better version of Windows for it due to the max memory limitation of 768MB.

To those who doubt that picture... no photo editing software was used. For those that want to use it and spread it around as the latest form of fail, please do.

newbie2
April 23rd, 2011, 12:13 AM
Hi, if you google for the word antispy2011setup.exe, you get a lot of answers...
I got it too but have only Ubuntu (but I think that it maybe could do harm if you use WINE and/or VirtualBox in Ubuntu), and posted it here:
http://ubuntuforums.org/showthread.php?t=1736088
but (immediately) got a lock on that post (too fast in my opinion)... so that nobody can answer anymore, and that post 'disappears in the background'... also the same happened with someone posting about this in:
http://ubuntuforums.org/showthread.php?t=1734484
... even got a (deserved, for posting that malware link) warning from this 'diligent' forestpiskie mod :p ...

@forestpiskie: removing the malware is just, though... but at least don't close the post too quickly... my 2 cents... regards... ;)

Edit: it is a kind of JavaScript malware, I think, because my Firefox 'got stuck' and I had to disable JavaScript in the Firefox preferences to 'go on'...

Timmer1240
April 23rd, 2011, 01:11 AM
I caught a deal very similar to that on XP about 3 years ago. It wasn't too hard to clean up. Then I heard about Sandboxie, a great little sandbox program that runs your browser in a sandboxed environment: http://www.sandboxie.com/ About a year later it happened again when I was running Sandboxie; all I had to do was dump the sandbox and the infection was gone. It's a great little program.

Timmer1240
April 24th, 2011, 01:49 AM
But of course with Linux you don't need such nonsense. I love Nix!

|{urse
April 24th, 2011, 03:02 AM
I totally just got done removing that from a customer's system. In case you haven't already figured it out, it's a smitfraud variant that comes with a 3rd gen TDSS payload. If you have a flash drive plugged into that system then its autorun is infected. Reset your router if it is connected to that system also.

Whoever wrote this seven layer burrito of a virus should really sit down and try coding something beneficial instead.
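A defender-side check for the infected-flash-drive case raised in the post above, added here as an example and not code from the original thread: it parses an autorun.inf from a removable drive and flags the entries a worm relies on to launch itself (open=, shellexecute=, shell\...\command=) or to disguise the AutoPlay prompt (action=). Both autorun.inf samples are constructed for illustration, and the payload path in the second one is a placeholder, not a real indicator.

```python
import configparser
import re
from typing import Dict, List

# Keys inside [autorun] that make Windows launch a program on insertion/double-click.
# A clean, vendor-supplied autorun.inf normally sets only icon= and label=.
LAUNCH_KEYS = {"open", "shellexecute"}
SHELL_COMMAND_RE = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)


def parse_autorun(text: str) -> Dict[str, str]:
    """Return the [autorun] section as lowercase key -> value ({} if absent/unparsable)."""
    # interpolation=None keeps '%SystemRoot%' literal; strict=False tolerates the
    # duplicate keys that padded or hand-edited autorun.inf files often contain.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(text)
    except configparser.Error:
        return {}
    if not parser.has_section("autorun"):
        return {}
    return dict(parser.items("autorun"))  # configparser lowercases keys by default


def audit_autorun(text: str) -> List[str]:
    """List the entries a worm relies on; an empty list means nothing suspicious."""
    entries = parse_autorun(text)
    findings = []
    for key, value in entries.items():
        if key in LAUNCH_KEYS or SHELL_COMMAND_RE.match(key):
            findings.append(f"{key}= launches '{value}'")
    if "action" in entries:
        # Worms set action= to mimic the built-in "Open folder to view files" prompt.
        findings.append(f"action= relabels the AutoPlay prompt as '{entries['action']}'")
    return findings


# Constructed samples (not real files): a driver CD's autorun.inf vs. a worm-style one.
CLEAN_SAMPLE = r"""[autorun]
icon=setup.exe,0
label=Driver CD
"""

WORM_SAMPLE = r"""[autorun]
open=RECYCLER\example_payload.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
shell\open\command=RECYCLER\example_payload.exe
"""

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN_SAMPLE), ("worm", WORM_SAMPLE)):
        print(name, audit_autorun(sample) or ["no suspicious entries"])
```

Run it against the autorun.inf of a drive mounted read-only from a clean machine; any launch finding is a reason to wipe the stick rather than plug it into a fresh install.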

Dustin2128
April 24th, 2011, 03:50 AM
That's just... wow. Infection during install, how does that even happen? And people say that windows viruses are caused by incompetence! :biggrin:

ikt
April 24th, 2011, 04:09 AM
That's just... wow. Infection during install, how does that even happen? And people say that windows viruses are caused by incompetence! :biggrin:

It happens when you're actually upgrading, not installing fresh.

Windows is actually running in the background, if you enter a secret key combo you can get access to it.

And yes, 99.9% of malware on windows is from user incompetence.

Dustin2128
April 24th, 2011, 04:19 AM
It happens when you're actually upgrading, not installing fresh.

Windows is actually running in the background, if you enter a secret key combo you can get access to it.

And yes, 99.9% of malware on windows is from user incompetence.
Ah, thanks for clearing that up. Still sad though...

Spr0k3t
April 24th, 2011, 07:56 AM
This virus/rogue/rootkit is so much fun... I actually went out looking for it to see if I could infect another system the same way. Check this out, if the computer system has a wireless card, it takes over the NDIS stack and acts as a peer-peer squid... you can openly connect to it (Free Public Wifi is the SSID) and will in turn infect the computer that successfully connects. I wonder what else it can do. I would not have any doubts the people who wrote it are active attendees of the pwn2pwn contest, sheer genius aside.

NCLI
April 24th, 2011, 02:42 PM
It happens when you're actually upgrading, not installing fresh.

Windows is actually running in the background, if you enter a secret key combo you can get access to it.

And yes, 99.9% of malware on windows is from user incompetence.

Just out of curiosity, what is this secret key combo?

mips
April 24th, 2011, 04:56 PM
I once did a WinXP install and I was connected via the LAN during the procedure and it got infected with a worm or virus within seconds.

When dealing with Windows my golden rule is to disconnect any network connection before you even start. Install Windows and immediately install antivirus & firewall (which you downloaded to a clean flash stick from a safe computer), followed by an update, and after a reboot connect to the internet.

aaaantoine
April 24th, 2011, 11:20 PM
Behind a router, no internet on that network. Primary reason is to keep those computer systems which are already infected from sending out more infections. Sometimes it's fun to see them all talking to each other.

http://imgs.xkcd.com/comics/network.png

Thewhistlingwind
April 24th, 2011, 11:25 PM
[Snipped XKCD comic]

We were all thinking it. I was very tempted to make such a setup myself, then have it on a second monitor while I'm working; the only problem is that I couldn't locate any software to track the infections... (Yes, that is a plea for someone to make it.)

ikt
April 25th, 2011, 07:43 AM
Just out of curiosity, what is this secret key combo?

http://technet.microsoft.com/en-us/magazine/gg491396.aspx

Also just to be picky, technically the malware the OP reported is not a virus; there are very few true viruses around today, more often than not they're trojan/rootkit/worm/spyware hybrids.

Paqman
April 25th, 2011, 09:20 AM
I remember a couple of years back The New York Times ran a test which showed that a Windows XP machine connected to the Internet got infected within 5 minutes, or less time than it would typically take to download the updates that closed the security holes.

I suspect this was done prior to a version of Windows with the firewall enabled by default but I doubt the landscape has changed that much for XP in this respect. There is going to be a window where you are open to attack while updating.

I've actually had that happen on a pre-SP2 machine. I got infected by several nasties in the time it took to download and install an AV suite.

It just doesn't happen on post-SP2 machines though, Microsoft have improved the security of Windows immensely since those days.