I had an interesting incident with a bit of malware getting on my computer.
I was playing chess on a fast board at Yahoo Games. During the game the screen flashed and everything slowed down and I lost my connection. Very soon Avast popped up and the JS:FakeWarn-E [Trj] invasion came up. I must have clicked inadvertently on one of the advertisements on top of the game board. That is the only way I could see it having infiltrated my connection. I ALLOWED IT IN!
Next thing I had to do was get rid of the malware. I could not use my screenshot software because it was being blocked. The Task Manager would not stay up but for a second. Everything I tried running said that the program was infected, do you want to activate the software? There was a new red banner in the right corner telling me that my computer was infected, do I want to activate a “Security Suite” software? Things looked bad. The “Security Suite” software was pretending to scan the computer. I DID NOT answer any popup buttons. Also the Windows XP Security Center was replaced by a crude screenshot copy. Things were serious. My internet connection was disabled (LAN proxy was set by malware).
I re-booted.
After re-boot I was able to use HijackThis! I ran it and found some fishy filenames which I knew had to be the culprits.
O4 - HKLM\..\Run: [ejappcrn] C:\Documents and Settings\Papa\Local Settings\Application Data\aucejljgt\tevrxuouqiw.exe
and
O4 - HKCU\..\Run: [ejappcrn] C:\Documents and Settings\Papa\Local Settings\Application Data\aucejljgt\tevrxuouqiw.exe
The executable turned out to be the “Security Suite”.
The computer would not let me delete the file but it did let me rename it. The next re-boot I got a Windows error saying the file couldn’t be found.
Using REGEDIT I eliminated those references in the run, startup.
After that I did a system scan and rebooted to a boot scan. Problem gone!
But, I was a glutton for punishment; I went back to Yahoo Chess Games and got it again.
This time it was to verify that I got it on that site. Anyway, it was a cinch to search and destroy.
What I’m trying to impress here is that I INADVERTENTLY LET IN that “Security Suite” to invade my computer.
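
The by-eye check of the HijackThis log described in the post, written as a small triage script; this is an added example, not part of the original post. It parses O4 autorun lines and flags executables started from user-writable profile folders. The function names, the folder list and the two benign log lines are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# HijackThis O4 registry autorun line: "O4 - HKLM\..\Run: [name] command".
# Pasted logs sometimes lose the backslash after the hive, so it is optional here.
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\?\.\.\\(Run\w*): \[([^\]]*)\] (.+)$")

# Assumption: profile folders any user can write to, where installed
# software does not normally keep its startup executable.
USER_WRITABLE = (r"\local settings\application data", r"\local settings\temp",
                 r"\appdata\local", r"\appdata\roaming", r"\temp")

# The two entries from the post plus two constructed benign entries.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\tray.exe
O4 - HKLM\..\Run: [ejappcrn] C:\Documents and Settings\Papa\Local Settings\Application Data\aucejljgt\tevrxuouqiw.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ejappcrn] C:\Documents and Settings\Papa\Local Settings\Application Data\aucejljgt\tevrxuouqiw.exe
"""

def parse_o4(log_text):
    """Return (hive, key, value_name, command) for every O4 registry autorun."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(m.groups())
    return entries

def suspicious_autoruns(log_text):
    """Flag autoruns that launch an .exe from a user-writable profile folder."""
    hives = defaultdict(set)
    for hive, _key, name, command in parse_o4(log_text):
        cmd = command.strip().strip('"').lower()
        if ".exe" in cmd and any(d + "\\" in cmd for d in USER_WRITABLE):
            hives[(name, command.strip())].add(hive)
    # The same value registered in both hives survives cleaning only one of them.
    return [{"name": n, "command": c, "hives": sorted(h), "both_hives": len(h) == 2}
            for (n, c), h in sorted(hives.items())]

if __name__ == "__main__":
    for finding in suspicious_autoruns(SAMPLE_LOG):
        print(finding["name"], finding["hives"], finding["command"])
```

A hit is a lead for manual review, not a verdict, since some legitimate per-user software also starts from the profile folder.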