So I got a new laptop yesterday … A HP Pavilion zd7160us … It comes with XP Home, and, well, who the heck wants to run that? So, I blow away the heavily overloaded full featured system and wouldn’t you know it … While installing the new system, I am hit by an exploit … Once I had the machine semi-configured where I would use it, I notice that it’s trying to contact all these other machines on port 445 … So, even after installing firewalls and all the Windows Update stuff, it’s still doing it, and on boot, it’s trying to access port 445 on a local machine on the network here that it has no business trying to connect to … At times the machine would hang, etc … So, I go to Symantec, and lo and behold, there it is; W32.Korgo.L is a variant of W32.Korgo.I. This worm attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011) on TCP port 445. It also listens on TCP ports 113, 3067, and other random ports (256-8191). Found YESTERDAY! I read the removal instructions, etc … and to me that’s a hassle … What if I miss something? What if it doesn’t completely remove stuff and since I updated with the thing active, maybe other symptoms will come of it … No! I want a clean system fully patched and ready to go to hit the ‘net … So I pop in the install disk and begin again, although this time I unplugged the network cable … I’ll get a firewall going before I connect the cable … This has never happened to me before … getting pounced on before I got a chance t put all the protection in place … It sure is frustrating, or … disheartening that this goes on …