Why did I get reinfected within seconds of connection to the internet?

Search First! Then browse: Categories | Full Archive | By Date | Newsletter

Summary: If you're not protected by a firewall or have other measures in place, you can be reinfected by a virus within seconds of connecting to the internet.

The scenario looks like this: you're infected with a virus, perhaps more than one. You spend hours cleaning, scanning, cursing and possibly rebuilding your machine to a clean state. Everything is clean and wonderful.

Then you connect to the internet.

With seconds (and I to mean seconds) - you're infected again. Why? How? You didn't do anything, right?

Well, that's part of the problem: you didn't do something.

•

All of the following need to be true for you to get reinfected again:

You're not behind a firewall.
You didn't install the patch for the vulnerability that was exploited to infect you.
There's an infected machine on the network that can reach you.

Viruses such as Sasser are passed by a type of computer-to-computer communication that doesn't involve email or for that matter any action on your part. If your computer is vulnerable and can be reached, then it can be infected.

So lets look at each of those three requirements, and how you can prevent them:

You're not behind a firewall. A good firewall will block the type of communication that the viruses use to travel from computer to computer. Install one. A broadband router will do. Turning on XP's built in firewall will do. Getting a software firewall will do. But it's something you need to do.
You didn't install the patch for the vulnerability that was exploited to infect you. Yes, the fact that there's a vulnerability is a bug in the operating system. But there's a quick and easy way to fix that bug. Install the patches. Stay up to date. Use Window's automatic update feature or visit Windows Update regularly.
There's an infected machine on the network that can reach you. Okay, so there's not a lot you can do about this other than know it's possible. Tracing back what machine is infected is possible, but difficult and can be time consuming. Rather than trying to fix some other machine, concentrate on protecting your own.

Related:

Ask Leo! - What are "LSASS", "LSASS.EXE" and "Sasser" and how do I know if I'm infected? What do I do if I am?
Ask Leo! - How do I keep my computer safe on the internet?
Ask Leo! - What's a firewall, and how do I set one up?
Ask Leo! - What's the difference between a Hub, a Switch and a Router?
Ask Leo! - How do I make sure that Windows is up-to-date?

Article C2093 - July 3, 2004

Recent Comments

0 Comments

Post a comment on "Why did I get reinfected within seconds of connection to the internet?":

Name: (Required) Email Address: (Required) (Email Address will not be published.) Remember Me? YesNo	By popular demand... my tip jar Buy Leo a Latte!
Comments: (you may use HTML tags for style)	Subscribe to the RSS Feed specifically for comments on this article.

Before commenting, please...

Read the article at the top of this page. If your comment shows you didn't, it'll be deleted and ignored.
Comment only on this article. Use the Google search box at the top of the page if you have a question about something else.
Don't include personal information in the comment. No email addresses. No phone numbers. No physical addresses.

Don't spam. Excessive links to unrelated sites within a comment or across multiple comments will cause all such comments to be removed.
Don't ask me to recover lost passwords or hacked accounts. I can't, and those comments will be deleted.
I can't respond to every comment. And I can't vouch for the accuracy of others who do.

Read Why didn't you answer my question? for hints on getting an answer.
By posting a comment you agree to the Terms of Service. Don't agree? Don't post.
Read the article at the top of this page. If your comment shows you didn't, it'll be deleted and ignored. Yes, I'm saying this twice; you'd be amazed.

Please wait. Your comment is being processed ...

Question? Ask Leo!

Terms, Conditions & Privacy
Product Reviews, Recommendations and Affiliate Links Disclosure