A virus attack that is. After more than 8 months of virus-free computing(without using a Anti-Virus too, I might add) my laptop finally bit the bug(so to speak). It happened day-before yesterday, oddly seems to have triggered off after installation of Windows Media Player 11(Santosh was praising it, so I thought I’ll check it out). Downloaded it, got it WGA’d(yes my Windows XP SP2 is Genuine, OEM) and installed. First signs of trouble was when Windows Explorer kept throwing Data Execution Prevention Errors(DEP) while browsing through my Music partition. Then WMP11 kept crashing when trying to add my Audio collection(roughly about 7.65 GB).

[ad]

Further analysis revealed that it kept crashing only when adding Metric’s album Grow Up and Blow Away. Thought it was weird, for WMP to keep crashing for that particular album, so I launched Windows Explorer to navigate to that folder. And lo! No sooner I opened my Music Partition I found random files

  • Seduction secrets
  • MySexMovie
  • MySexPicture
  • WallPaper
  • anna
  • Windows serial number
  • GoogleHack

All these seemed jpeg files, but where actually exe/pif files(yes. I have “Hide extensions for Known File types Disabled”). I saw this and knew instantly that my system had a trojan/worm attack, and immediately disconnected from the Net(further reading on the worm made me realize that the it downloads these files from the net). Since I didn’t have any Anti Virus with me, I installed Kaspersky from the Chip DVD, and started scanning my system, And Bingo! got them all cleaned out. I still had to do some leftover cleanups, which I will post soon have posted here.

I’m still wondering how my system got infected though. I’ve disabled AutoRun for Pen drives alone(as I’ve mentioned in this post), and I make sure I open all drives via right-click open rather than blindly double-clicking them.

Besides, the virus description tells me that the method of propagation of virus is

  • Email
  • Local network

Now I’d given up using a local email-client long time ago, and my laptop isn’t on ANY network. My only guess is that this worm was sitting dormant, and the installation and subsequent use of Windows Media Player 11(have never used WMP on my laptop before) triggered off the virus infection, since it makes use of the MS06-001 vulnerability.

Well that’s just my guess anyway. In the end, ended up scanning my entire HDD, no other virus were found. I might go in for a reinstall, though, nothing quite like a Windows reinstall for that perfect cleanup.

[ad]