Why did I get reinfected within seconds of connection to the internet?

Helping people with computers... one answer at a time.

If you're not protected by a firewall or have other measures in place, you can be reinfected by a virus within seconds of connecting to the internet.

•

The scenario looks like this: you're infected with a virus, perhaps more than one. You spend hours cleaning, scanning, cursing and possibly rebuilding your machine to a clean state. Everything is clean and wonderful.

Then you connect to the internet.

With seconds (and I to mean seconds) - you're infected again. Why? How? You didn't do anything, right?

Well, that's part of the problem: you didn't do something.

•

All of the following need to be true for you to get reinfected again:

You're not behind a firewall.
You didn't install the patch for the vulnerability that was exploited to infect you.
There's an infected machine on the network that can reach you.

Viruses such as Sasser are passed by a type of computer-to-computer communication that doesn't involve email or for that matter any action on your part. If your computer is vulnerable and can be reached, then it can be infected.

So lets look at each of those three requirements, and how you can prevent them:

You're not behind a firewall. A good firewall will block the type of communication that the viruses use to travel from computer to computer. Install one. A broadband router will do. Turning on XP's built in firewall will do. Getting a software firewall will do. But it's something you need to do.
You didn't install the patch for the vulnerability that was exploited to infect you. Yes, the fact that there's a vulnerability is a bug in the operating system. But there's a quick and easy way to fix that bug. Install the patches. Stay up to date. Use Window's automatic update feature or visit Windows Update regularly.
There's an infected machine on the network that can reach you. Okay, so there's not a lot you can do about this other than know it's possible. Tracing back what machine is infected is possible, but difficult and can be time consuming. Rather than trying to fix some other machine, concentrate on protecting your own.

Article C2093 - July 3, 2004

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

You may also be interested in:

Ask Leo! - What are "LSASS", "LSASS.EXE" and "Sasser" and how do I know if I'm infected? What do I do if I am?
Ask Leo! - How do I keep my computer safe on the internet?
Ask Leo! - What's a firewall, and how do I set one up?
Ask Leo! - What's the difference between a Hub, a Switch and a Router?
Ask Leo! - How do I make sure that Windows is up-to-date?

Post a comment on "Why did I get reinfected within seconds of connection to the internet?":

Name: (Required - will be included when your comment is published.)

Email Address: (Required - will not be published.)

Remember Me? YesNo

Comments: (You may use HTML tags for style)

Before commenting, please...

READ THE ARTICLE. A comment that shows you didn't will be deleted and ignored.
Comment only on the article. Use the search box at the top of the page if you have a question about something else.
NO PERSONAL INFORMATION in the comment. No email addresses. No phone numbers. No physical addresses.

Anything that looks the least bit like spam will be deleted. Links to unrelated sites or links that appear to be primarily promotional will be deleted, or the comment will be deleted.
Don't ask me to recover lost passwords or hacked accounts. I can't. Those comments will be deleted.
I can't respond to every comment. And I can't vouch for the accuracy of others who do.

Read Why didn't you answer my question? for hints on getting an answer.
By posting a comment you agree to the Terms of Service. Don't agree? Don't post.
READ THE ARTICLE. A comment that shows you didn't will be deleted and ignored. Yes, I'm saying this twice; you'd be amazed.

Please wait. Your comment is being processed ...

Question? Ask Leo!
The Tip Jar: Buy Leo a Latte!

Categories | Full Archive
By Date | Business Card | About

Advertisements do not imply my endorsement of any product or service.

Copyright © 2003-2012 Puget Sound Software, LLC and Leo A. Notenboom
Ask Leo! is a registered trademark ® of Puget Sound Software, LLC
Terms, Conditions & Privacy
Product Reviews, Recommendations and Affiliate Links Disclosure

http://ask-leo.com/why_did_i_get_reinfected_within_seconds_of_connection_to_the_internet.html