W32 Tenga missed then caught

Yesterday I was web browsing, running FireFox. The web page failed to load properly, giving a blank screen and saying it was done. I shut down FF and restarted it. It gave me a strange error message. Something about a 16 bit error. I shut FF down and the other program I had running and rebooted the computer. All of maybe 3 minutes had elapsed from the first failure to load web page to reboot.

Windows got maybe 50 reloaded when the AV program, Avast, went off reporting the virus W32 Tenga present. Interestingly, it had somehow avoided, possibly disabled, the resident monitoring function of my AV program initially. I let the AV prog do it’s thing. It flagged every single executable, .exe, on my C: and D: drives as infected, approximately 900 files. It then cleaned out the virus without a fuss and no loss of files or data.
(If there is any suggestion I would make for an Improvement for Avast it would be an ‘anti-heartattack’ message during it’s search mode. I watched all my executables in my system directory get flagged infected :'(. I was expecting them all to get wiped from my HD. You have no idea how relieved I was when they were disinfected without damage) ;D.

I then went up on the web and learned more about W 32 Tenga. It comes in from remote locations on the web, taking advantage of a ‘buffer overflow’. Exactly what my web browser experienced. I was referred to the Microsoft security center and downloaded their latest fix of this problem. When I tried to install it I got the error report I already had the latest fix installed.

Errata:
Windows XP 32 bit. The built in firewall disabled.
ZoneAlarm firewall, updated 8 hours previously, was running at tight security, manual mode. That is, I granted all net permissions. I only had 2 ports open.
Running the latest version of FireFox with the security updates installed.
Was running Avast anti virus program, updated 18 hours previously.
The web page I browsed to was Yahoo email.

If anybody can think of why Avast first failed to note the intrusion or any higher security measures I could have taken I would be really delighted to hear of them. I strongly suspect the virus had managed to /maim/ Windows enough so that it was barely running. This is very disconcerting that a virus could act so fast and effectively.

Well RT,

Go here for information: http://www.viruslist.com/en/viruses/encyclopedia?virusid=88153 to patch for W32 Tenga infections. Whenever you update ZoneAlarm disconnect from the Internet, install and after restart with a new ZoneAlarm reconnect to the net. Firefox is only safe as an alternate browser with a fully updated and patched OS and IE version. When having Avast run the Webshield inside Firefox. Instructions are shown how to do this on the homepage of Avast’s. Have Firefox with the extensions Adblock and NoScript to avoid script infections. Only temporarily lift the NoScript ban for trusted sites or those you know to be free of malicious code. To check all your hyperlinks you can also install the Dr.Web hyperlink pre-scan plug-in (15 K).

To just get a second opinion if you are now clean from W32 Tenga or all it may have dropped, and may have compromised your machine download the free on-line scanner from Bitdefender 8 and the free scanner from Spyaudit to see if all is well (this does not clean but gives an indication you have a clean machine). Le bon weekend!,

polonus