
Forum Moderators: bill


Trojans/Viruses on fresh install of 2000?



1:15 am on Nov 28, 2006 (gmt 0)

5+ Year Member

I have just read a thread on here that describes my problem almost exactly, here [webmasterworld.com] but it was too old and I couldn't reply to it.

Basically I have a fresh install (meaning I fully repartitioned the HDD and formatted it first) of Windows 2000. I installed antivirus (NOD32) and manually downloaded the updates onto a CD so that I wouldn't need to go online just yet.

I would like to say now that before I even installed the network drivers, I made sure the antivirus and everything else was up to date, including any Windows updates that can be installed offline. This is a fresh install so it SHOULD be clean.

I scanned the drive using NOD32 and Spybot S&D and they did not reveal anything at all. But as soon as I go on the internet ... bang... trojans are popping up all over the place and the whole system just goes wild. There is a lot of network activity and the WinMgmt.exe process is nearly always using 75%+ CPU whenever it is connected to the internet. Does anyone know of any good (preferably free) packet sniffers so I can find out what it's doing/downloading and from where?

I don't know why it is doing this, although I have had exactly the same problem on many different computers when I install Windows 2000. It seems that there must be some kind of trojan on the install CD but I have scanned the disc with NOD32, McAfee, and AVG and none of them find anything on the install CD (It is an official M$ CD).

Amongst all the annoyances, it also conveniently disables task manager, the services control panel, and msconfig (I took a copy of msconfig from an XP machine to use on 2000) so it is a bit tricky to sort out.

I have managed to clear it all up and scanned it with many different programs until it all shows up clean, but as soon as I go on the internet, it all comes back again. Could this be a Rootkit? If so, how could it have got on there if it's a fresh, fully up-to-date install?

I would also like to say, I have even borrowed a Windows 2000 CD from a friend and I still get the same problem even with a different install disc. This is driving me crazy, either I'm totally cursed or someone definitely doesn't like me! Lol.

Any help with this issue would be very appreciated. The problem is also described in the thread that I mentioned at the beginning of this post.

Hope to hear from someone soon.

[edited by: bill at 1:22 am (utc) on Nov. 28, 2006]
[edit reason] fix link [/edit]


1:37 am on Nov 28, 2006 (gmt 0)

WebmasterWorld Senior Member kaled is a WebmasterWorld Top Contributor of All Time 10+ Year Member

The boot sector of the disk might be infected. This is not normally cleaned by formatting. In order to clean the boot sector, you may run the command fdisk /mbr. However, you will have to do this from a known clean boot floppy/CD. In your case, you will have to get such a disk from an independent source since any such disk you may have could be infected.

Incidentally, you make no mention of firewall software such as ZoneAlarm. Whilst I have never bothered to study how these products work, they are intended specifically to block attacks from external sources. Your IP address may have been flagged as belonging to a vulnerable computer if you don't have any sort of firewall protection. In this case, you may be specifically targeted.



1:48 am on Nov 28, 2006 (gmt 0)

5+ Year Member

Hi thanks for the fast reply :)

I connect to the internet through a router which has a built-in hardware firewall and NAT, I don't know if it's as good as a software one or not.

I'll try the boot disc tomorrow [it's 1:50am here now, and the caffeine isn't as good as it used to be :P lol].

Thanks for your help.


12:24 pm on Nov 28, 2006 (gmt 0)

WebmasterWorld Senior Member kaled is a WebmasterWorld Top Contributor of All Time 10+ Year Member

Firewalls are not something I understand fully, but I believe that hardware firewalls are considered to be more secure at guarding against external attacks whilst software firewalls can both protect against external attacks and be used to prevent rogue programs "phoning home". There is also the possibility that your hardware firewall has somehow been rendered ineffective. They can usually be configured from the PC and that means they might (in theory) be disabled by rogue software.



9:45 pm on Nov 28, 2006 (gmt 0)

5+ Year Member

I had the same problem with Win XP.
After I used fdisk and repartitioned the HDD, it worked fine.


7:06 pm on Dec 4, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

Sounds like you need to patch Win2K before going online; the version on the disk will be unpatched and so full of well-known vulnerabilities.

The built-in firewall on the router is just an IOS packet filter, not a real firewall. To run Windows safely you need an application-layer software firewall, but more important, you need to be patched first.

