[Shannon]

I posted the Hijack This! Log for my boss' computer last week, and after many attempts to remove the yuckies I got the ok to just reformat.

So I reformatted the drive, careful not to touch that invisible dell partition, made two partitions (C and F, one for Windows, one for FIles) and installed XP Pro from the Dell discs. I've installed Windows XP a thousand times, so this is now big deal to me.

to get to the point, I JUST installed this and both AVG and anti-virus and spyware AND Panda Activescan detected a couple of problems. Backdoor.Rbot on explore.exe and messenger (avg detected) and I ran ActiveScan because of this, which detected a worm but I forgot to write it down and now I can't remember which one it was.

How is this possible? All I had done was install drivers, Firefox and AVG.

I had set up a static IP for the machine as well.

At first I suspected the Dell CD, it would have explained alot, but I scanned the copied XP CD files on my hard drive and nothing came up.

I rebooted and rescanned the machine, but I'm seriously considering reinstalling again and being a little more anal just to make sure the machine can't be compromised.

But I'm not sure. If anyone has had experience with this type of problem, advice would be appreciated.

Oh, we have a server running Windows Server 2003 with Exchange 2003 in case that could have anything to do with it.

[Osiris]

its possible its on the dell partition also. if you had system restore enable, it could have been on the dell partition. Usually I disable this all together so it wont happen. how did you go about the updates? maybe you have spyware broadcasting on your network?

[Shannon]

I've only been at this company for about a month so I haven't exactly been doing updates regularly, but automatic update was on I believe. I don't remember if system restore was enabled, but it was probably at the default setting.

I was afraid it might be on the dell partition. How would I deal with that if it is needed to recognize the computer as Dell and use the Windows CDs?

I am also not ruling out the idea of it being on our network, but I haven't ever encountered network broadcasted malware and I'm not sure how to check for it. I know that the machine that I am using seems to be fine, though.

[Osiris]

I always wipe of Dell computers when I get them. We use Dell GX520's in some areas. System restore is enabled by default. Are you using the corporate XP SP2 disk or Dells?

[Shannon]

I'm using the Dell disk. We don't seem to have any others. I am concerned that the machine will get compromised again quickly, so I've been hesitant to continue with the machine's setup very far before I can figure out where the problem is coming from.

[Osiris]

is that a restore cd or a full xp cd?

[Shannon]

It looks like a full CD to me but it says Reinstallation CD on it.

[Osiris]

If its a full xp cd, I would just wipe it out and start over

[Shannon]

I'm going to try that now. It's one of those advil days for me, and I really really need to get this done tonight and after I get the machine reinstalled again I still have to figure out how to get it to talk to the server and make you press ctrl+alt+delete to log in and that stuff.

It's my first time in a corporate type network...

[Osiris]

Well thats easy!!!

All you need is the domain name, then the domain credentials as in the user name and password, and thats it!

Example......

You just install XP, time to join it to the domain. Go to system in the control panel, computer name tab, then click change to rename this computer or join to a domain, then select domain, type in the domain name, lets say its NA, just type that it, then press ok, a username and password prompt will appear, then type in na\genesys for the username and genesys for the password. Ofcourse this wont be your username and password for your network, but it is for mine. You may need to find the admin of the network to get this info. After you do that reboot and then add the local admin account which I add the name of the user as an admin, and thats it! Does that make sense?