Basically I have a fresh install (meaning I fully repartitioned the HDD and formatted it first) of Windows 2000. I installed antivirus (NOD32) and manually downloaded the updates onto a CD so that I wouldn't need to go online just yet.
I would like to say now that before I even installed the network drivers, I made sure the antivirus and everything else was up to date, including any Windows updates that can be installed offline. This is a fresh install so it SHOULD be clean.
I scanned the drive using NOD32 and Spybot S&D and they did not reveal anything at all. But as soon as I go on the internet ... bang... trojans are popping up all over the place and the whole system just goes wild. There is a lot of network activity and the WinMgmt.exe process is nearly always using 75%+ CPU whenever it is connected to the internet. Does anyone know of any good (preferably free) packet sniffers so I can find out what it's doing/downloading and from where?
I don't know why it is doing this, although I have had exactly the same problem on many different computers when I install Windows 2000. It seems that there must be some kind of trojan on the install CD but I have scanned the disc with NOD32, McAfee, and AVG and none of them find anything on the install CD (It is an official M$ CD).
Amongst all the annoyances, it also conveniently disables task manager, the services control panel, and msconfig (I took a copy of msconfig from an XP machine to use on 2000) so it is a bit tricky to sort out.
I have managed to clear it all up and scanned it with many different programs until it all shows up clean, but as soon as I go on the internet, it all comes back again. Could this be a Rootkit? If so, how could it have got on there if it's a fresh, fully up-to-date install?
I would also like to say, I have even borrowed a Windows 2000 CD from a friend and I still get the same problem even with a different install disc. This is driving me crazy; either I'm totally cursed or someone definitely doesn't like me! Lol.
Any help with this issue would be very appreciated. The problem is also described in the thread that I mentioned at the beginning of this post.
Hope to hear from someone soon.
Thanks,
Robert.
[edited by: bill at 1:22 am (utc) on Nov. 28, 2006]
Incidentally, you make no mention of firewall software such as ZoneAlarm. Whilst I have never bothered to study how these products work, they are intended specifically to block attacks from external sources. Your IP address may have been flagged as belonging to a vulnerable computer if you don't have any sort of firewall protection. In this case, you may be specifically targeted.
Kaled.
I connect to the internet through a router which has a built-in hardware firewall and NAT; I don't know if it's as good as a software one or not.
I'll try the boot disc tomorrow [it's 1:50am here now, and the caffeine isn't as good as it used to be :P lol].
Thanks for your help.
Robert.
Kaled.
The built-in firewall on the router is just an IOS packet filter, not a real firewall. To run Windows safely you need an application-layer software firewall but, more important, you need to be patched first.