Path: ccsf.homeunix.org!ccsf.homeunix.org!news1.wakwak.com!nf1.xephion.ne.jp!onion.ish.org!news.heimat.gr.jp!news.jone-system.com!mmcatv.co.jp!newsfeed.media.kyoto-u.ac.jp!news-peer1!news-peer0-test!btnet-feed5!btnet!news.btopenworld.com!not-for-mail From: "Tony" Newsgroups: fj.life.in-japan Subject: Re: I got a virus in about an hour after a format Date: Mon, 31 May 2004 08:27:14 +0000 (UTC) Organization: BT Openworld Lines: 72 Message-ID: References: <2hnp0tFf6toeU1@uni-berlin.de> Reply-To: "Tony" NNTP-Posting-Host: dial81-135-130-33.in-addr.btopenworld.com X-Trace: titan.btinternet.com 1085992034 19777 81.135.130.33 (31 May 2004 08:27:14 GMT) X-Complaints-To: news-complaints@lists.btinternet.com NNTP-Posting-Date: Mon, 31 May 2004 08:27:14 +0000 (UTC) X-Newsreader: Microsoft Outlook Express 6.00.2800.1409 X-MSMail-Priority: Normal X-Priority: 3 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409 Xref: ccsf.homeunix.org fj.life.in-japan:14022 I went throught the gates of hell trying to reinstall my PC. Every time I put a new system in, a worm came when I tried to upgrade my system on line, even from the MS site and from the Norton site. Eventually, I had to go to a friend's place and upgrade there, he had firewall.. Hard lesson learned! "Elbow" wrote in message news:2hnp0tFf6toeU1@uni-berlin.de... > I had just formatted my drive and hadnt installed my firewall and virus > software just yet, I went on the web to get some tips etc and after I > installed my firewall I got a file called wuam.exe trying to connect to the > internet, naturally I blocked it until i could find out what it was. > I installed my virus software AVG, rebooted and got an alarm. Virus > wuam.exe detected . So I scanned and found it in the System32 folder, I had > to put in the virus vault. > > Ive noticed in my startup that its listed as > Microsoft Update Time wuam.exe > Ive unchecked it so it doesnt start. > Just letting others know in case you do a format and dont add your security > proggies asap. DO them FIRST!! > This is the first detected virus I have had in about 2 yrs. > > here is a log if it helps you to help me or vice a versa > > > Results of Complete Test, date and time 27/05/2004 20:49:21 : > > Testing C:\ serial C:\Documents and Settings\ELBOW\NTUSER.DAT Cannot open; > not checked! > C:\Documents and Settings\ELBOW\ntuser.dat.LOG Cannot open; not checked! > C:\Documents and Settings\ELBOW\Local Settings\Application > Data\Microsoft\WINDOWS\USRCLASS.DAT Cannot open; not checked! > C:\Documents and Settings\ELBOW\Local Settings\Application > Data\Microsoft\WINDOWS\UsrClass.dat.LOG Cannot open; not checked! > C:\Documents and Settings\LocalService\NTUSER.DAT Cannot open; not checked! > C:\Documents and Settings\LocalService\ntuser.dat.LOG Cannot open; not > checked! > C:\Documents and Settings\LocalService\Local Settings\Application > Data\Microsoft\WINDOWS\USRCLASS.DAT Cannot open; not checked! > C:\Documents and Settings\LocalService\Local Settings\Application > Data\Microsoft\WINDOWS\UsrClass.dat.LOG Cannot open; not checked! > C:\Documents and Settings\NetworkService\NTUSER.DAT Cannot open; not > checked! > C:\Documents and Settings\NetworkService\ntuser.dat.LOG Cannot open; not > checked! > C:\Documents and Settings\NetworkService\Local Settings\Application > Data\Microsoft\WINDOWS\USRCLASS.DAT Cannot open; not checked! > C:\Documents and Settings\NetworkService\Local Settings\Application > Data\Microsoft\WINDOWS\UsrClass.dat.LOG Cannot open; not checked! > C:\WINDOWS\SYSTEM32\WUAM.EXE Virus identified Worm/Spybot.17.BQ > C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Cannot open; not checked! > Testing D:\ volume Programmes Testing E:\ volume AQS Shares > Testing F:\ volume Media + New Stuff serial Testing G:\ volume AQS Shares 2 > Test finished, duration 00:29:27.0 s > 18486 objects tested, 1 found infected > >