[thelist] Worm sneaks in whilst WinXP registers?

sue sjackson at ventimocha.com
Fri Oct 24 12:34:33 CDT 2003 

I recently had to replace my laptop hard drive and while reinstalling winxp
pro and then updates from microsoft's windowsupdate site, immediately was
infected with the nichi worm...  fortunately, my isp called me to let me
know right away


----- Original Message ----- 
From: "Jeff Wilhelm" <jwilhelm at summit7solutions.com>
To: <thelist at lists.evolt.org>
Sent: Friday, October 24, 2003 9:09 AM
Subject: RE: [thelist] Worm sneaks in whilst WinXP registers?


> That's absolutely what happens. It's happened to me on 2 Win2000Pro
installs and one WinXP install
> -- and VERY rapidly as I'm on a highly infected campus. The only way to be
certain it's clean is put
> the service packs and patches on CD and don't plug into the network until
Windows and the Service
> Packs are all installed.
>
> Jeff
>
>
> | * J E F F R E Y   M.   W I L H E L M * |
>  e: jeff at jeffwilhelm.com
>  w: www.jeffwilhelm.com
>  e: jeff at summit7solutions.com
>  w: www.summit7solutions.com
>  p: 401-874-3118 // 401-481-5991
>  f: 419-735-8865 // 208-979-7205
>
>
>
>
> thelist-bounces at lists.evolt.org <> wrote:
> | On two separate occasions recently I've had new installs of
> | Windows XP
> | start spreading welchi the minute the install finishes. (my
> | main machine
> | firewall complained the minute winXP booted up!)
> |
> | I think what has happened is that during the initial install (windows is
> | setting up your network and register windows via the Internet
> | seem likely)
> | the machine is exposed without firewall or AV and the worm
> | gets in then.
> |
> | is this feasible?
> |
> | anyone else seen it?
> |
> | I ask because I just had my ISP cut me off for 24 hours
> | because of reports
> | that I was spreading blaster/welchi.
> |
> | I think it's likely the two new installs that caused it - I
> | cleaned the
> | machines in question immediately, they're AV'd and firewalled now and
still
> | clean...
> |
> | Ho hum.
> |
> | I guess register via the telephone would be a good tip?
> |
> | ;o)
> |
> | Tony
> |
> |
> |
> |
> |
> | --
> | http://www.xebit.net/
> |
> | Sent with M2, Opera's revolutionary e-mail client:
> | https://secure.bmtmicro.com/opera/buy-opera.html?AID=627923 --
> | * * Please support the community that supports you.  * *
> | http://evolt.org/help_support_evolt/
> |
> | For unsubscribe and other options, including the Tip Harvester
> | and archives of thelist go to: http://lists.evolt.org
> | Workers of the Web, evolt !
>
>
> -- 
> * * Please support the community that supports you.  * *
> http://evolt.org/help_support_evolt/
>
> For unsubscribe and other options, including the Tip Harvester
> and archives of thelist go to: http://lists.evolt.org
> Workers of the Web, evolt !
>

More information about the thelist mailing list