Author Topic: is it my isp allowing viruses?  (Read 3118 times)

walkern

  • Guest
is it my isp allowing viruses?
« on: May 29, 2004, 09:59:41 PM »
Hello,
I have completely reformatted my computer and installed the bare basics from scratch, including all service packs and critical updates.

Before connecting to the internet I have my virus guard and firewall set up and functioning in top condition.

As soon as I (well BT) connected to the internet (i.e. from the broadband installation program) within 5 seconds the virus guard determined 3 different viruses had been downloaded. Is this someone snooping on my ISP's IP addresses or somehow contracted from my provider?

Is this a world record!

The viruses detected are as follows:

internet temporary files\wkspatch[1].exe
network worm worm.win32.welchia.b

windows\syste32\tftp3624 infected with win32.parite.b virus

windows\syste32\tftp3624 infected with backdoor.sdbot.jg

windows\syste32\tftp3624 infected with backdoor.sdbot.jt

I don't know if it's related and probably not virus related, but immediately on starting up my ports were being scanned by what looked like my provider. Is this normal?

Somebody is scanning your computer.
Your computer's TCP ports:
135, 445, 2745, 5000 and 139 have been scanned from 81.152.86.3.

Any feedback would be much appreciated!

Neil

whocares

  • Guest
Re:is it my isp allowing viruses?
« Reply #1 on: May 29, 2004, 10:09:25 PM »
Hi,


*
worm.win32.welchia.b

windows\syste32\tftp3624 infected with backdoor.sdbot.jg

windows\syste32\tftp3624 infected with backdoor.sdbot.jt
*
"tftp3624": is this a folder or did you leave out the EXE-extension of the file ?


The 3 above enter your system via unpatched Security holes or WEAK PASSWORDS!!

win32.parite.b virus: strange -> either infected files on other partitions, harddisks/installation media, or Network worm got itself infected..

Did you APPLY all patches OFFLINE before the first ONLINE-connection ???
Did you test the files with other AV-Scanners (for false alarm, though this seems unlikely)?


Looks like either:

- you didn't have all the patches in place before going online
- your Firewall is not configured properly.
- you use WEAK PASSWORDS..
- someone knows your passwords.. (possible if you had a trojan/backdoor/keylogger on your PC previously: WHY did you reformat ?)
- El niño




;)

walkern

  • Guest
Re:is it my isp allowing viruses?
« Reply #2 on: May 30, 2004, 12:32:01 AM »
Hello,
Thanks. I do admit that when I went to Windows Update there were a couple of critical security patches waiting to download.

I reformatted because my computer was riddled with viruses as I had lapsed with my virus protection. I had a particularly nasty one that wouldn't budge so I trashed all my partitions and started from scratch.

I've run all the various tools from Steve Gibson and all pass (except 'socket to me' that tells me full raw sockets are available but not how to fix it).

What is a WEAK PASSWORD? If you're referring to my Windows login account then I remember finding a list somewhere from one of the viruses but it didn't match mine.

Neil.
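
As an added example (not part of any post in this thread): a small Python check that parses the firewall alert quoted in the first post and tests, over loopback, which of the scanned TCP ports actually have a service listening on the local machine. The function names are hypothetical, and a loopback connect shows only what is listening, not what the firewall lets through from outside.

```python
import ipaddress
import re
import socket

# Alert text as quoted in the first post of this thread.
ALERT = ("Your computer's TCP ports:\n"
         "135, 445, 2745, 5000 and 139 have been scanned from 81.152.86.3.")

ALERT_RE = re.compile(
    r"TCP ports:\s*(?P<ports>.+?)\s+have been scanned from\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})", re.S)


def parse_alert(text):
    """Return (sorted unique ports, source IP) from an alert in the format above."""
    m = ALERT_RE.search(text)
    if not m:
        raise ValueError("not a port-scan alert in the expected format")
    ports = sorted({int(p) for p in re.findall(r"\d+", m.group("ports"))})
    if not ports or any(not 0 < p < 65536 for p in ports):
        raise ValueError("alert lists no ports or an out-of-range port")
    src = ipaddress.ip_address(m.group("src"))  # rejects e.g. 999.1.1.1
    return ports, str(src)


def listening(port, host="127.0.0.1", timeout=0.5):
    """True if a TCP connect to host:port succeeds, i.e. a service accepts there."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def exposure_report(text, host="127.0.0.1"):
    """Split the scanned ports into those with and without a local listener."""
    ports, src = parse_alert(text)
    report = {"source": src, "listening": [], "closed": []}
    for p in ports:
        report["listening" if listening(p, host) else "closed"].append(p)
    return report


if __name__ == "__main__":
    r = exposure_report(ALERT)
    print("Scanned from:", r["source"])
    print("Local service listening on:", r["listening"] or "none")
    print("Nothing listening on:", r["closed"] or "none")
```

Any port reported as listening is a service that relies entirely on the firewall and on patches for protection; disabling services that are not needed removes that dependency.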