I had an infected computer and reformatted the HD. Clean install of Windows XP and XP service pack three. I had some files stored on a flash drive for the users favorites and what not. I copied those files to a folder on drive c: and restared the computer to finish other tasks.
After reboot I installed Office and then the updates. The updates would download but not install. The error message I got was the registry was out of space. I downloaded Ad-Aware and it installed but the scan would not run. I downloaded AVG and it installed but would not scan. I installed Symantec Corporate 10.2 and updated it and it would run but nothing was detected. I checked my flash drive on another computer and the trojan horse Vundo was found in that directory and deleted. The two files are Gugakeje.dll and Jovijora.dll. they installed two infected files A0008124.dll and A0008125.dll into the C:\windows\system32 folder which was also caught and deleted.
My question is what triggered those 2 .dll's to act as an executable file on startup to cause the registry out of space error message and keep the scanning programs from scanning.
The fact that these 2 .dlls did infect and new computer software install is hard to ignore and the updated Symantec Corporate edition ignored these files is also a fact.
Who is paying these trojan horse program writers to write these programs is also a mystery and until Windows stops allowing these programs to be written to the protected areas of the OS there will never be a stop to this type of time waster. Ubuntu is looking better and better to me