Win32 trojan AFTER i reformatted

[bas1620]

Can anyone help me here? I just reformatted after having some annoying unrepairable WIN32 trojans.
I reinstalled everything and the FIRST thing i did was download AVAST. The 1st thing it does is find a Virus after i installed the program; about 10 minutes after reformatting. I didnt write the error messages down cuz i was in a hurry, but it did say there was a trojan in "windowsupdate.exe" and 2 other files in my windows folder(win32). I could not repair any of them, so i deleted.
There is only one hard drive in  my PC.
Do i have to replace it?
Can a virus hide on my hard drive even when reformatting?
Should i reformatt again?
Can  a virus hide in my RAM or anywhere else besides the hard drive? IF so, what can i do before reformatting again?
I'm at work now and plan on taking this PC home so i can work on the infected one at the house. I'll c if i can find the exact error messages, er virus names.
Please help.


I have XP
Avast 4 (free)
P4 1.7
384 ddr ram
I have a 20GB drive in the PC that is giving me the problems
I have a 120 GB with media files on it that i removed before I even reformatted
Before reformatting, the viruses/trojan would only get detected on the smaller drive(primary) where my OS was.
My 120GB is sitting in the box and has not been plugged into the newly reformatted PC.
I have a 4GB drive i could put in to replace the existing 20GB if anyone thinks that the 20GB is somehow hiding a virus, and install XP on the 4Gb
 

[Eddy]

Check Avast's log file and let us know which files where detected as being infected and what the exact location is.

[bas1620]

Thanks Eddy. Will do. I've been going through ur posts trying gain any insight.
I know the trojans were all found in my windows folder.
i get off at about 4 central.

I just dont understand how a virus could show up within minutes of formatting.

I didnt go to any risky websites.
Just avast.com/msn.com/yahoo.com/ati.com
 :'( :'(

[whocares]

"windowsupdate.exe"
...
I just dont understand how a virus could show up within minutes of formatting.

Hi,

GOOGLE is your friend:
--> Click4Info  

This was most probably not a TROJAN, but a (network-)WORM, which entered your unpatched  (=not updated & unsecured) Windows as soon as you connect to the inet:

--> Apply all Windowsupdates immediately and thoroughly scan your system

*

if you want to really be sure that your system is clean/not compromised
and/or avoid this happening the next time you Format/reinstall:

work through the link "VirusRemoval" below in my signature, especially
at the end of the "BACKDOOR"-section

 

P.S.: This would have been prevented too, if you had:
a) Installed the newest avast-version OFFLINE before ever connecting to the inet or
b) activated XP's built-in Firewall before going online

 

[bas1620]

This is what my comp is repeatedly finding.

Win32:RegZoneTr[Trj]  is in file c:\windows\re11.reg
    Could not repair, stored in vault.

   and

Win32:StartPage-042[Trj]  is in 2 files
      C:\protas.exe
       "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8TDBBXG9\protector[1].exe"
 
     I dont know what "protas" it on the web.(baffled)
And i deleted it without thinking. But i did try to clean/repair and i couldn't.

     and

Win32:Wootbot-G [Trj]  is in file          C:\WINDOWS\Win32]windowsupdate.exe
   Could not repair, stored in vault

There is also a toolbar in my internet explorer that ive never seen.

This computer has only been reformatted and running a few hours. The first thing i installed was avast, and drivers. I did search for them with google if that could have led to something...


I unplugged it from the internet as soon as i got home.

I dont mind reformatting again but i will that fix this?

 

[bas1620]

 

P.S.: This would have been prevented too, if you had:
a) Installed the newest avast-version OFFLINE before ever connecting to the inet or
b) activated XP's built-in Firewall before going online

 

Could i use the free AVAST?
I dont remember XP asking me about a firewall.

[Eddy]

You got two options:

1] Format and this time install the proper way.
- pull out the plug to the internet
- format
- install windows
- install a firewall
- install av software
- connect to the net
- install ALL security updates/patches before doing anything else

or

2] Clean and secure your system.

Since the system does not seem to be really badly infect, I would suggest you go for the 2nd option. If that is your choice also, click on the link in my signature and follow the instructions on that webpage.

[bas1620]

Thank you guys so much for helping out.

I would really feel better reformatting and starting clean.

After u said that i realized my comp was plugged in when i installed. So i dont need it plugged in at all until im done installing everything?

So if i clear out my drive again and reinstall, is there anything i should do to my system before? Such as scans/cleans/password-pin changes?

And i can put put AVAST 4 (free) on a disk to load onto it 1st thing. What else should i load before i connect to the net? spy/malware scanner/remover?

Is there anything that doesnt get erased during format? I have a Gateway and to format i use GWSCAN and "write zeros to the drive". Gateway says it thorough. Is there something else i can do to clear bios/cmos?(if thats even possible)

thanks

[Eddy]

Just put the Avast installer (the one you download from the website) and a good firewall (ZoneAlarm, Kerio, Sygate, Outpost) on a cd before going to do the format-install procedure. Install them (and configure them ofcourse) before going online.

[whocares]

for XP-Users, it'd be best to get the full installer of ServicePack 2
(download on a fast connection, or get it sent from Microsoft fro free on a  CD, often you also get it it on PC-magazines' CD's)

unplug modem/Cable; then Install WIN offline, then install SP2 still offline
- afterwards, install AV &
maybe install&configure Firewall and/or
- configure your system&browser safely

- AFTER this is the first time you may go online and then download remaining Windowsupdates

 

[Eddy]

or get it sent from Microsoft fro free on a  CD

MS already stopped quite some time ago, giving out the fre cd's

[DukeNukem]

Like many have said.

Never install windows XP with your modem connected to your PC.

If you get SP2 then slipstream it to an original copy of xp.

(see link below)

http://www.helpwithwindows.com/WindowsXP/winxp-sp2-bootcd.html

make sure you pc is clean before you create the cd.