Apr 6, 2011, 7:04 AM   #5
JimC
Administrator
 
Join Date: Jun 2003
Location: Savannah, GA (USA)
Posts: 22,378

Chances are, you've got malware on one of the external USB Drives or Flash drives that's loading whenever you plug it in, as becoming reinfected by the same malware again after a good reinstall when recreating the partitions and updating the MBR code is very suspicious.

Here's a patch for Win 2K SP4 that lets you disable Autorun (so that malware won't automatically run and install when you plug in a removable drive that's infected).

http://www.microsoft.com/downloads/e...displaylang=en

That particular malware strain appears to be relatively new (but, there are many similar examples around of fake anti-spyware, etc.), and I haven't seen any reports of it spreading by USB. But, my guess is that something is loading from removable media that's causing you to become reinfected.

Check for any autorun.inf files on them and look for what they're loading (probably a hidden .com or .exe file on your removable media that's installing itself and pulling even more malware from the net once it's installed).

What you may want to do is install unetbootin in Ubuntu on your second PC. It should already be in the Ubuntu software repositories (it's available for Linux and Windows), so you can install it with a mouse click or two using the Synaptic Package Manager in Ubuntu.

That will let you burn .iso files to a USB stick (so that you can boot and run Live Linux distros without wasting a CD or DVD).

Then, scan *all* of your media (internal drives, USB Flash Drives, USB Hard Drives) using a few of the popular malware scanners that have "live" Linux versions available that you can boot into (so that you're not loading anything from a compromised drive).

*None* of them are perfect, *especially* with newer malware strains. So, I wouldn't trust that drives are clean when some of them come back with nothing found.

Here are a few that have Live Linux .iso files you can download and burn to a USB Flash Drive or CD/DVD and boot into:

Dr.Web (better than most for hard-to-find rootkits):
http://download.geo.drweb.com/pub/drweb/livecd/

Avira Antivir Rescue CD:
http://dlpro.antivir.com/package/res...-common-en.iso

Bit Defender Live CD .iso:
http://download.bitdefender.com/resc...-rescue-cd.iso

Panda SafeCD .iso:
http://www.pandasecurity.com/resources/tools/SafeCD.iso

When you burn those to USB or CD and boot into them to scan your media, make sure to use their features to update virus definitions to the latest versions first (which will require an internet connection).

Note that I'd also install an anti-malware product in Linux if you plan on using it on your second PC. Personally, I use Eset NOD32 with Linux (even though I use other products like Avira Antivir Premium with Windows). Get it here for Linux:

http://beta.eset.com/linux
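The autorun.inf check described in the post above, as an added example that is not part of the original post: a small Python script, runnable from a Live Linux session, that walks a mounted removable drive and lists the commands each autorun.inf would launch. The function names and the sample file contents are constructed for illustration.

```python
import os
import re
import tempfile

# Keys in an [autorun] section that name a program to launch.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^=\\]+\\command)$", re.I)

def autorun_targets(text):
    """Return (key, command) pairs from the [autorun] section of autorun.inf text.

    Parsed line by line instead of with configparser, so that junk lines
    before or inside the section do not abort the parse.
    """
    targets, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_autorun = line.lower().startswith("[autorun]")
            continue
        if not in_autorun or line.startswith(";") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if LAUNCH_KEY.match(key.strip()):
            targets.append((key.strip().lower(), value.strip()))
    return targets

def scan_drive(mount_point):
    """Find every autorun.inf under mount_point and list what each would launch."""
    findings = []
    for root, _dirs, files in os.walk(mount_point):
        for name in files:
            if name.lower() == "autorun.inf":  # FAT/NTFS names vary in case
                path = os.path.join(root, name)
                with open(path, "r", encoding="latin-1") as fh:
                    findings.append((path, autorun_targets(fh.read())))
    return findings

if __name__ == "__main__":
    # Constructed sample: a throwaway directory standing in for a mounted drive.
    with tempfile.TemporaryDirectory() as drive:
        with open(os.path.join(drive, "AUTORUN.INF"), "w") as fh:
            fh.write("xx junk xx\n[AutoRun]\n;comment\nopen=setup.exe /s\n"
                     "shell\\explore\\command = tools\\x.com\nicon=a.ico\n")
        for path, targets in scan_drive(drive):
            print(path, targets)
```

To check a real drive, call `scan_drive()` with the directory where the drive is mounted; any listed command points at the file to inspect or remove.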