New PC infected?

  tasslehoff burrfoot 22:24 18 Jul 2004


For reasons that I won't go into here (I'll make a new thread for that) I have had to restore my PC to factory settings.

As soon as I had done so, I downloaded zonealarm, disconeected from the internet, set it up, then downloaded spybot, adaware, spywareblaster, AVG and A2.

I then dsconnected from the internet and ran all of the above. A2 came up with trojan.killreg.something and cleaned it.

What I am concerned about is that this exact same trojan was found when I first bought the PC. Is it possible that the restore partition (my XP is OEM) is infected? But A2 is scanning the restore partition so surely it would have cleaned it first time round?

If not the partition it must be from PCA,, lavasoft, safer-networking or major geeks, as these are the only places I went to.

None of these seem likely so what has happened?



  johnsims 22:45 18 Jul 2004

According to the Pest Patrol site, Trojan.Win32.KillReg.a has a date of origin of April 2004, so unless your PC is very new, it is unlikely to have come with the machine. Again, according to the P P site, it nukes the registry - is this why you had to reinstall windows? More worrying is that it could have come from PCA downloads!

  harps1h 22:54 18 Jul 2004

if it was there how can you say it came from a pca download? how can you be certain it did not infect your machine from another source before you finshed down loading your av?

  tasslehoff burrfoot 22:58 18 Jul 2004

Thanks for that, I actually bought my PC at the end of April so this is a possibility.

I have the utmost faith in PCA, lavasoft and safer networking. I am assuming majorgeeks and are safe (I'd be very suprised if not).

How likely is it that the PC is a returned item, infected, and put straight back on sale without being checked? (apart from a factory restore of course).


  hillybilly 23:01 18 Jul 2004

"How likely is it that the PC is a returned item, infected, and put straight back on sale without being checked? (apart from a factory restore of course)."

Quite possible!

What should do is switch off system restore, shut down and restart your PC. then you can reset system restore, which should run from a new point today.

  tasslehoff burrfoot 23:02 18 Jul 2004

I didn't say it came from a PCA download. I am not certain of the source, hence my question. It's a trojan so I would not expect my AV to find it.

For the record I did not download anything from PCA, I searched the helproom for the products I wanted and followed the links provided in previous postings.

I am not suggesting PCA is in anyway a part of my problem!


  tasslehoff burrfoot 23:06 18 Jul 2004

I don't mean system restore, I mean the manufacturers restore partition (i.e. like a restore CD you would get from Tiny etc but on a partition of C: drive) which removes everything from the hard drives and puts the computer to the same state as when it was sat on the shelf in the shop.


  hillybilly 23:09 18 Jul 2004

Whoops sorry misunderstood!

  harps1h 23:13 18 Jul 2004

would you try running stinger. i had the blaster worm last week which i thought should have been picked up by my av, only when i ran stinger it found it and got it out.

  tasslehoff burrfoot 23:20 18 Jul 2004


Do you know where I can find stinger?


  johnsims 23:23 18 Jul 2004

Pest Patrol will remove this particular beast
click here

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

AMD Radeon Adrenalin release date, new features, compatible graphics cards

8 brilliant character artists speaking at Pictoplasma 2018

iMac Pro release date, UK price & specs

Football : comment regarder la Ligue 1 en direct ?