Yesterday I was web browsing, running FireFox. The web page failed to load properly, giving a blank screen and saying it was done. I shut down FF and restarted it. It gave me a strange error message, something about a 16-bit error. I shut FF down, along with the other program I had running, and rebooted the computer. All of maybe 3 minutes had elapsed from the first failure to load the web page to the reboot.
Windows got maybe 50 reloaded when the AV program, Avast, went off reporting the virus W32 Tenga present. Interestingly, it had somehow avoided, possibly disabled, the resident monitoring function of my AV program initially. I let the AV prog do its thing. It flagged every single executable, .exe, on my C: and D: drives as infected, approximately 900 files. It then cleaned out the virus without a fuss and with no loss of files or data.
(If there is any suggestion I would make for an improvement for Avast, it would be an ‘anti-heartattack’ message during its search mode. I watched all my executables in my system directory get flagged infected :'(. I was expecting them all to get wiped from my HD. You have no idea how relieved I was when they were disinfected without damage.) ;D
I then went up on the web and learned more about W32 Tenga. It comes in from remote locations on the web, taking advantage of a ‘buffer overflow’. Exactly what my web browser experienced. I was referred to the Microsoft security center and downloaded their latest fix for this problem. When I tried to install it, I got an error report that I already had the latest fix installed.
Errata:
Windows XP 32-bit. The built-in firewall was disabled.
ZoneAlarm firewall, updated 8 hours previously, was running at tight security, manual mode. That is, I granted all net permissions. I only had 2 ports open.
Running the latest version of FireFox with the security updates installed.
Was running the Avast antivirus program, updated 18 hours previously.
The web page I browsed to was Yahoo email.
If anybody can think of why Avast first failed to note the intrusion, or of any higher security measures I could have taken, I would be really delighted to hear of them. I strongly suspect the virus had managed to /maim/ Windows enough so that it was barely running. It is very disconcerting that a virus could act so fast and effectively.