Why did I get reinfected within seconds of connection to the internet?
The scenario looks like this: you’re infected with a virus, perhaps more
than one. You spend hours cleaning, scanning, cursing and possibly rebuilding
your machine to a clean state. Everything is clean and wonderful.
Then you connect to the internet.
With seconds (and I to mean seconds) – you’re infected again. Why?
How? You didn’t do anything, right?
Well, that’s part of the problem: you didn’t do something.
Become a Patron of Ask Leo! and go ad-free!
All of the following need to be true for you to get reinfected again:
You’re not behind a firewall.
There’s an infected machine on the network that can reach you.
Viruses such as Sasser are passed by a type of computer-to-computer
communication that doesn’t involve email or for that matter any action on
your part. If your computer is vulnerable and can be reached, then it can be
So lets look at each of those three requirements, and how you can prevent
You’re not behind a firewall. A good firewall will block
the type of communication that the viruses use to travel from computer to
computer. Install one. A broadband router will do. Turning on XP’s built in
firewall will do. Getting a software firewall will do. But it’s something you
need to do.
You didn’t install the patch for the vulnerability that was
exploited to infect you. Yes, the fact that there’s a vulnerability is
a bug in the operating system. But there’s a quick and easy way to fix that
bug. Install the patches. Stay up to date. Use Window’s automatic update
feature or visit Windows Update regularly.
There’s an infected machine on the network that can reach
you. Okay, so there’s not a lot you can do about this other than know
it’s possible. Tracing back what machine is infected is possible, but difficult
and can be time consuming. Rather than trying to fix some other machine,
concentrate on protecting your own.