[don-o]

Nevertheless, she had the computer hooked to the internet,

by which I mean, the cable modem, which was powered on.

[humblegunner]

If someone had been emailing on it, a whole world of hurt could have gotten in.

[don-o]

Nevertheless, she had the computer hooked to the internet,

by which I mean, the cable modem, which was powered on.

[Cringing Negativism Network]

Just some suggestions of possible issues:

Is the XP patched?

Is the firewall on?

Is the computer itself hooked directly to the cable modem without a router?

AFAIK that combination could be vulnerable.

[iowamark]

Obviously someone has been using that computer on the internet, so the answer is obvious. Use a password, if necessary.

[paulycy]

spyware = spybot

[PIF]

Of course it can be infected without an active user. Windows is famous for that ‘ability’. Win 98 w/o user was infected on average within 30 seconds, Win 95 within 15 seconds.

XP, like the previous incarnations, has various bits and pieces that send out via the modem that it is active and online. Various apps send out signals that they are present - and if there is some bot listening then down comes the bad stuff.

That box was likely left online for hours - plenty of time for something to get through the notoriously porous Win security, McAfee or not.

The only way to guarantee no bad stuff is to never connect a Win machine to the Internet, never insert disks, CDs or DVDs. Better yet, never turn it on - as MS advises.

The best way to fix this is to do a secure erase which will take some time, reinstall XP from the OEM disk, do not reinstall anything from any backup (all previous data is suspect), and get rid of the modem. All should be well after that. Go online and you may face the same situation again... soon.

Or you might just consider a totally different manufacture, computer, and OS...

[bamagirl1944]

One thing I haven’t seen mentioned, is that she could have infected the computer by transferring files from some other place, such as a flashdrive, a CD, etc.

[Patrsup]

Couple of thoughts, email might not have been setup but people can use webmail through the browser and if it is the old IE that comes with XP home and has not been patched, there is plenty of reason to fear infection. If she is so illiterate on the computer, I suspect she has not patched anything nor probably has updates and required fixes installed.

If she is not emailing or surfing - why bother with the cable modem? Clean it up, patch it and take it off the wire.

For my two cents I prefer AVG (free) and SpyBot.

Hope it all works out -

[TomGuy]

Some older virii were transmitted in files.

It used to be quite common for them to show in, especially in game installs, but also in some program installs. That was when games/programs were shared via disk.

I have an archive of many programs/OS systems from the 80s and early 90s. I have some burned DVD disks (program backups) that will register as viruses. Some alerts are legit, some are false. Since they are on burned DVDs, the virus program can't actually remove them; I have notations of which programs have those. When I updated my archive by moving it to an external hard drive, I allowed the virus program to delete any infected programs.

If frequent/periodic virus scans are not performed or virus software not updated and run, sometimes virus program alerts will be false positives, especially on old installs. Old installs, however, may have old trojans and viruses.

If you get an alert, check the virus program website for further details on the seriousness of the alert-in-question.

[johncatl]

Computers become infected by more than just email. Surfing the web can infect a PC in a technique known as "drive by" from just going to an infected website.

The social networking sites, Facebook, twitter, etc. were compromised last year.

One other thing you can do is to set up a user profile with limited authority, not an administrator, and use that for normal web surfing.

Also make sure that the guest account is disabled and that you are running a good antivirus.antimalware program and that it is kept current and that the computer is scanned completely at least once a week.

[mad_as_he$$]

komando.com

[Bloody Sam Roberts]

According to her, she has never been on the internet or e-mail.

If she's running XP she had to have connected at some point to activate. Did she remove the network cable after activating? Does she have a firewall? If not...she's 'on the internet'. She may not have used a web browser but she's exposed.

[ShadowAce]

[AFreeBird]

I would also institute the creation of user accounts that are not of “OWNER”/”Admin” security level. It’s a PITA sometimes, but not allowing a basic user access to system directories is a tried and true security measure. Something M$ has ignored pretty much up until now.

[RightOnTheLeftCoast]

"My question is, can a computer be infected w/o active participation of a user?"

Well, the computer and the cable modem both have to be turned on, but yes, a Windows machine can get infected just by being connected to the Internet, even if you take precautions.

I have a fully-patched XP machine that sits behind a hardware firewall. All it does is serve our family VOIP. It does no browsing and no email. 99% of the time its screen is not even turned on. In addition to the hardware firewall for our network, it runs antivirus (which updates itself daily) and a software firewall. And yet, just sitting there like that, it managed to pick up some malware.

A study a couple years ago showed that an unprotected Windows machine will get infected within twelve minutes after connection to the Internet. From my own experience and my wife's and sons' repeated infections despite all my precautions, I have determined Windows machines to be practically impossible to fully protect. Your example is just another confirmation.

[visualops]

XP needs to be updated to SP3.
The cable company’s security will probably not be enough. Turn on Windows firewall, For a browser set up the latest Firefox with Adblock and NoScript.
If there really is a ton of crap on there you may want to just restore the machine, then proceed with updates etc.
If not then I suggest using this program in addition to malwarebytes-
http://www.gmer.net/