Just reformatted, maybe a virus

Hi, I just reformatted my computer and when I got onto the internet I received a window from "Messenger Service" in the title bar saying 2 extremely dangerous viruses were on my computer, saying it was from Windows and to go to a website (I didn't, of course). I was just wondering if this message was a virus scam or something. I know pop-ups come up all the time, but the thing is the only websites I could have visited before this popped up were Yahoo, MSN, Dell, and AIM. The message was also specific, saying I had mydoom.v@mm and Backdoor.SDBot.gen. I did copy some movie files onto my computer but I didn't run anything, did a virus scan with Norton Corporate Edition and it didn't find anything. Just wondering if I should be worried.

I am pretty sure I had viruses before, that's why I reformatted... Anyone have any ideas? Thanks in advance.

Comments

  • Buckeye_Sam Columbus, Ohio
    edited March 2005
    Unless you installed all of the critical updates right after you reinstalled Windows you are probably infected. It usually takes about 20 minutes on the net with an unpatched system.

    We need to get a look at what's running on your computer in order to help you. Please follow the directions at this link to download a tool called HijackThis and post a log.

    http://www.short-media.com/forum/showpost.php?p=172584&postcount=2
  • edited March 2005
    Here it is:
    Logfile of HijackThis v1.99.1
    Scan saved at 12:50:55 PM, on 3/22/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\PROGRA~1\AIM\aim.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Hijack\HijackThis.exe

    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

    I did update Windows as soon as I could, but I had to get drivers from Dell and downloaded Firefox, Winamp, and AIM while I was waiting (that service message came up before I had the critical updates).
  • Buckeye_Sam Columbus, Ohio
    edited March 2005
    There is a new virus going around that infects you through Messenger, but your log is clean. It looks like you disabled Messenger already, which is a good thing. As long as you're not having any problems I'd say you are clean.
  • edited March 2005
    Sweet, thanks a lot for your help dood, you rock. I just wanted to make sure.
This discussion has been closed.