Re: ? WINS\*.EXE installed as part of Windows

From: Alec Soroudi (a_at_a.com)
Date: 12/01/03


Date: Sun, 30 Nov 2003 20:08:04 -0500


    So you're saying that Windows becomes infected DURING the INSTALL,
that's why the files are already there as soon as the installation is
finished?

--
Alec
asoroudi@synetech.cjb.net
 
"Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org> wrote in message
news:u2$oNq5tDHA.3116@tk2msftngp13.phx.gbl...
> If these files are under the path you quote, they are products of
> infection.
>
> If you connect an unpatched XP machine to the Internet without enabling the
> XP Firewall on the connection, it will be infected within seconds.
>
> You need to unplug the Internet connections while installing until you
> ensure that the firewall is enabled on the connection.  Then download and
> apply all critical patches via WindowsUpdate.  If you need access to the
> machine for file and print sharing, you could turn the firewall off at that
> point, but your situation sounds like one where it would be better left on.
>
> Apparently, you either have no firewall to the Internet, or have a raft of
> infected machines on the local network--even one will accomplish this.  Have
> you checked your local network using the tools to detect unpatched/infected
> machines?
>
> http://support.microsoft.com/default.aspx?kbid=827363
>
>
> "Alec Soroudi" <a@a.com> wrote in message
> news:eOej$R4tDHA.1876@TK2MSFTNGP09.phx.gbl...
> >     Hi,
> >
> >     You know that whole WINS thing?  %systemroot%\WINS\DLLHOST.EXE &
> > %systemroot%\WINS\SVCHOST.EXE?  Well I'm a bit confused about it.  Are they
> > actual Windows files that have been exploited or are they files that a virus
> > puts in there?  The reason I ask is that I recently did a clean install of
> > Windows XP Professional on a bunch of machines and after the second reboot
> > (after it does the "Saving settings" part, before the part where you set up
> > the users and stuff), the two files are THERE!  I booted into DOS mode after
> > each and every reboot during the install and after the second one, the files
> > were there.
> >
> >     So, what's the deal?  Are they system files?  Is the installation CD
> > infected?  Is it the MBR, or some other part of the system that's infected?
> > I could swear they weren't there the first time I installed XP when we first
> > got it...
> >
> >
> >     Thanks.
> >
> > --
> > Alec
> > asoroudi@synetech.cjb.net
> >
> >
> >
> >
>
>
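
Added example, not part of either poster's message: a check for the situation discussed in this thread, where a file carries the name of a Windows system binary (SVCHOST.EXE, DLLHOST.EXE) but sits in a directory such as %systemroot%\WINS instead of its normal location. The allowlist of expected directories and the sample tree are assumptions constructed for this example; adjust the allowlist to the installation being checked.

```python
import os
import tempfile

# The two file names asked about in the thread, compared case-insensitively.
SYSTEM_BINARIES = {"svchost.exe", "dllhost.exe"}
# Assumption for this example: directories (relative to the Windows root)
# where copies of these binaries are expected on the installation.
ALLOWED_DIRS = {"system32", "system32/dllcache", "servicepackfiles/i386"}


def find_misplaced(windows_root, names=SYSTEM_BINARIES, allowed=ALLOWED_DIRS):
    """Return sorted relative paths of files whose name matches a system
    binary but whose directory is not on the allowlist."""
    hits = []
    for dirpath, _dirs, files in os.walk(windows_root):
        rel_dir = os.path.relpath(dirpath, windows_root).replace(os.sep, "/")
        for fname in files:
            if fname.lower() in names and rel_dir.lower() not in allowed:
                hits.append(f"{rel_dir}/{fname}")
    return sorted(hits)


def build_sample_tree(root):
    """Constructed sample: empty files laid out like the case in the thread."""
    for rel in ("System32/svchost.exe", "System32/dllhost.exe",
                "System32/notepad.exe", "WINS/SVCHOST.EXE", "WINS/DLLHOST.EXE"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()


def demo():
    """Build the sample tree in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return find_misplaced(root)


if __name__ == "__main__":
    for hit in demo():
        print("suspicious:", hit)
```

Run it against a mounted or offline copy of the Windows directory by calling find_misplaced() with that path; a name match alone does not identify the file, so any hit still needs to be examined.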