So, I decided to fire up one of my older laptops and install Win2000 on it. I thought maybe I'd make it into a Privoxy box. I know, I know, I can do that in Linux, but don't worry, keep reading. It was running Linux before, so this is a fresh install.

I got Windows 2000 installed, then I went and downloaded SP4 from Microsoft. I'm running the service pack install and it first tells me a debugger is running and to shut it down. Flag 1. Then later it tells me it can't continue because FTP.exe is running. Flag 2. I pull the Ethernet jack and reboot, thinking I did something wrong. Who knows, I've been known to screw up once in a while.

I boot it back up and I notice it's now got some executable with a maroon and black German cross sitting in the root directory!

The plot thickens.

I start poking around and think, what the hell, I click on the icon. Nothing happens. I try the service pack again, same error. I reboot. This time a modem dialer runs and it wants to dial out. No thank you.

I decide to go and get PsTools and see what's going on. Holy crap. I've got a dozen or so system connections to various other computers. I go and get Spybot and AVG and boot into safe mode.


List of Items:
1 modem dialer program
mdm.exe Trojan
staff[1].exe Trojan
FTP.exe trojan generic_c.kr
Backdoor.Win32.SdBot.bkx
Zedo cookies
various registry disables (from trojans)

Lessons Learned:

NEVER put a Windows machine onto a network naked. At the bare minimum put it behind a router. It took 60 seconds for this machine to turn into a zombie. It's now got Linux on it. Don't get bit.