So tonight I decided to do a bit of housecleaning and went and cleaned out my C drive. I deleted the partition and did a clean format. I then proceeded to do a clean install of XP Pro and a few odd things started happening. An error message popped up shortly after it booted saying that it could not run some file. I then looked into my C directory and found some things that should not be there, one of which was the file that it said it coult not run. I typically don't run antivirus software since in the past keeping xp up to date and my firewall running kept me safe. However, when this stuff showed up on a clean install, I decided to run McAfee just to be sure. Lo and Behold it found two things that shouldn't be there, a virus named sdbot.worm.gen and qlowzones-2.gen. What I'm wondering is how these got on here. I was under the assumption that deleting and then formatting a partition removed all data, so I didn't think it could have been a remnant from before. I do have a second partition on the array for Data, but I don't think it came from there. Is it possible if connected to the internet to download this stuff while installing XP? I can't figure out how the hell I got these otherwise. The worm is fairly old, from back in april, but the trojan is pretty new, just was posted on McAffe's site late November.

Any thoughts? And don't give me the whole, "go to linux" line. If linux was as popular as windows, there would be flaws exploited in it too.

Whenever I've done a fresh install of XP, before I even hook it up to the Internet I always install McAffee (or Norton in the past before UMR bought the licenses for all students). After plugging in my ethernet cable the first site I go to is to update my virus definitions. THEN I download my Windows updates.

I learned the hard way one time when I started running my Windows updates prior to even installing an antivirus program. As my computer was preparing to download SP1, I got the illustrious Blaster worm!!

So yes, I'd ALWAYS run antivirus software, even if you're using the Windows firewall as well.

Earlier this semester, UMR IT ran an experiment in which they hooked a machine with a typical virgin installation of Windows XP--and nothing else--to ResNet, and powered it on. Within 14 minutes of having the machine sitting there idly, it had already contracted a virus.

Deleting partitions doesn't destroy data, it only makes it inaccessible (which in theory is good enough). However, it leaves the master boot record intact, so if a virus were to plant itself there, it'd remain even after a clean install.

Yeah that happened to me at the beginning of the semester. I reformatted everything and reinstalled windows when I first moved back in this semester. By the time I had booted up and went to Windows Update, I had the blaster worm. IT blocked me in the middle of updating and I had to get a cleaning tool from them before they'd unblock my computer. Now the first thing I install is a firewall and antivirus before connecting to the internet.

If you "delete" a partion you should be safe from that "deleted" data.
If you hook up the internet to Windows with out a very good virus scanner.. you will not be fine.

Note, you could get a boot sector virus that will not be deleted if you reformat... thus when you do a fresh install it will spread through out your new system like wild fire. So it is possible to get re-infected if you have done a clean install, and are not hooked up to the internet.

l8r,
Brandito