Infected Immediately after reformat/reinstall XP with Nothing installed

Ike0069

Diamond Member
Apr 28, 2003
4,276
0
76
but drivers and all Windows Updates. How is this possible???

Not sure if this is the correct forum or not. Please help me out and move to proper forum if necessary. Been here awhile, but never had any problem like this.

I had the Google redirect issue that seemed to go away for a couple of days, but then everything got worse and pages I was reading would just change to a different random site and there was this page that would pop up with the address "google-analytics". I decided to just reformat the drive and reinstall XP. Installed drivers and all Windows updates, anti-virus and MBAM from files on a different partition on the same drive and set up Outlook Express including importing files. I then went on the internet and everything happened again. A google-analytics page popped up and pages randomly were redirected.

So I reformatted/reinstalled again tonight. I installed my MB and VC drivers from the CD that came with the product and then started installing all Windows updates, which takes a while. After that, I went on the internet and I'm infected again.

My boot drive is partitioned into C and D with D being where I install all my games and place any downloads or save files. However, I never did anything with this drive this time. I never even opened up the drive folder.

Please help as I am completely baffled.
 

Ike0069

Diamond Member
Apr 28, 2003
4,276
0
76
I ran many spyware programs, including both listed above with no findings.

I got a reply from bleepingcomputer that said it could be a compromised router. I have fully reset the router and changed the password and right now that seems to have worked as everything is back to normal. I will hold off on getting too excited for at least a week however.

I didn't realize routers could become infected even after the PC was clean, but this appears to have solved the issue right now.

If it were to end up being a boot virus, I guess that would spur me to just perform a whole new build, but I'm trying to wait until after Christmas before I do that.
 

power_hour

Senior member
Oct 16, 2010
789
1
0
Backup your programs and nuke the drive. Your security and other data could be compromised. Waiting for it to happen again is silly. Router infected?

Sorry I don't buy it.
 

Gunbuster

Diamond Member
Oct 9, 1999
6,852
23
81
I think this is more along the lines of your router going bad or having corrupted DNS. Getting dumped at a Google analytics page does not seem very nefarious
 

Ike0069

Diamond Member
Apr 28, 2003
4,276
0
76
Gunbuster said: "I think this is more along the lines of your router going bad or having corrupted DNS. Getting dumped at a Google analytics page does not seem very nefarious"

This may be a more accurate description. My pc was infected by a rootkit that I was able to remove and after that was when I started seeing the google-analytics site. Maybe my router was corrupted vice compromised. Either way, resetting it to factory defaults and changing the password immediately fixed the problem. I know this sounds very odd, but I'm not sure what else to think. Two reformats/reinstalls and the problem still exists. Reset router and it's gone...........

For now though, I am not going to ANY secure sites on this PC until I am 100% comfortable that the problem is 100% gone.
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
30,699
1
0
Routers can be subverted by scripted browser-driven attacks. You did the right thing: reset it, and change the password on your router so it's not at factory defaults.

Also, if your computer was infected, then I'd suggest getting fresh software installers straight from the publishers, not ones you saved to a drive using your infected computer.

Furthermore, if your router has wireless and someone's mooching off your connection, their computers can (believe it or not) infect your computer's network packets on-the-fly, if they're infected with something like W32.Arpiframe. Solution: disable wireless, or secure it with WPA2 encryption so no one can mooch off your router.


Here are some more security suggestions: http://www.mechbgon.com/security Hope that helps
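
One way to test the "corrupted DNS on the router" hypothesis raised in this thread, as an added example that is not part of any poster's reply: parse saved `ipconfig /all` output and list DNS servers that are neither the default gateway nor on a list you trust. The sample output, its addresses and the function names are constructed for illustration; many ISPs legitimately hand out their own resolvers, which is what the `allowlist` argument is for.

```python
import re

# Constructed sample of `ipconfig /all` output (XP-style layout); addresses
# are documentation-range placeholders, not values from the thread.
SAMPLE = """\
Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.100
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            192.168.1.1
        Lease Obtained. . . . . . . . . . : (constructed)
"""

FIELD = re.compile(r"^\s+(.+?)[\s.]*:\s*(.*)$")   # "Key . . . : value"
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def parse_adapters(text):
    """Return {adapter name: {field name: [values]}} from ipconfig /all text."""
    adapters, current, last_key = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():            # unindented line opens an adapter block
            current = adapters.setdefault(line.rstrip(": "), {})
            last_key = None
            continue
        value = line.strip()
        if last_key and IPV4.match(value):   # bare IP: continuation of previous field
            current[last_key].append(value)
            continue
        m = FIELD.match(line)
        if m and current is not None:
            last_key = m.group(1)
            current[last_key] = [m.group(2)] if m.group(2) else []
    return adapters

def unexpected_dns(text, allowlist=()):
    """Return {adapter: [DNS servers that are neither the gateway nor allowlisted]}."""
    findings = {}
    for name, fields in parse_adapters(text).items():
        expected = set(fields.get("Default Gateway", [])) | set(allowlist)
        odd = [ip for ip in fields.get("DNS Servers", []) if ip not in expected]
        if odd:
            findings[name] = odd
    return findings
```

Run it against output captured before and after a router factory reset; a resolver that disappears after the reset and belongs to neither the router nor the ISP is the thing to investigate.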
 

HarlanPepper

Junior Member
Nov 17, 2003
15
0
0
My brother had a similar issue... he was trying to install a many-years old copy of XP and the service packs from scratch. The problem was that he got infected almost immediately while he was waiting for the various windows updates to download - even after a few fresh install attempts. The solution was to download the service pack from MS beforehand and install them offline before he first connected his ethernet.
 

Ike0069

Diamond Member
Apr 28, 2003
4,276
0
76
I have deleted all .exe files from my pc that I had downloaded in the past, such as antivirus/antispyware, drivers, and add-on programs. I downloaded the major ones on a secure pc and installed them on my pc via a flash drive.

My pc was working normally as of Wednesday evening and it's been off since then. I will test it fully this weekend with every spyware program I can find to see if it comes up with anything.
 

Ike0069

Diamond Member
Apr 28, 2003
4,276
0
76
I didn't scan the router. It was suggested by another person that my router could be compromised so I should reset it and change the password. I did and have not had any issues since.
Another weird thing was that my Malwarebytes program kept giving me an error when I tried to update the definitions, but after the router reset, it updated just fine.
 