Of course, it wasn't a webpage at all; Windows Media Player immediately opened with a file that it couldn't play due to the source file being "corrupted."
Fortunately I know enough to be worried when something like that happens. The first thing I did was pull the ethernet cable out of my computer so at least, if I am infected, it can't spread across our LAN or transmit data back to wherever. I then ran scans with Windows Defender and AntiVir, both at the highest security level and both fully-updated as of about midnight last night. No detections so far. I'll be running AdAware and Spybot shortly, although unfortunately I'll have to briefly go online again to download updates for those.
No unrecognized processes are running on my PC, at least nothing that shows in the Task Manager (and I know some things can hide). There was some hard drive activity right when Media Player opened, but that's normal so it doesn't necessarily (but might) indicate that something malicious was being installed.
So my question is: Assuming none of these scans turn up anything, would anyone here trust the box as it sits, or should I just bite the bullet and do a full reinstall of the OS? I don't mind doing that if I have to, but I'd rather not do it if it's not necessary.
I'm on Windows 2000, SP4, kept fairly up to date. Stupidly, I was running on an administrator account. I guess I'd gotten kind of lax since I figured I was smart enough to avoid getting infected. Not anymore. I'll be switching to a user-only account for the future, but of course that doesn't fix whatever may have already happened.
By the way, does anyone know when the most recent Media Player vulnerability was? The latest I can find was in April, and I know I've applied patches since then. It could be that I was attacked, but was sufficiently patched to survive it. What do you think?
You might want to check out NOD32. IMO it is by far the best AV/security software in existence. *Nothing* gets by it. It's free to try for a month, so even if you don't want to purchase it, it's well worth downloading it just long enough to use the on-demand scanner a few times. BTW I don't work for NOD32 - I'm just really impressed with their product.
As kaled says, this may just be the result of the recent AdSense bug [webmasterworld.com] that forced an Acrobat Reader or media player start-up.
Jim
Bman, I've heard a lot of good things about NOD32 before, but it seems I've also heard that it's tough on system resources (I could be mistaken). What's your experience in that respect?
Unfortunately, I doubt it was the AdSense bug that triggered this. The page itself never displayed anything, AdSense or otherwise, plus I was using Firefox.
I've also decided to face the real world and take the security steps I knew I should have been using before but wasn't because they were a little inconvenient. I'm now using a "user-only" Windows account, I'm going to leave live virus checking turned on in AntiVir (which I used to leave off because of the slight performance hit) and I've changed my Firefox download settings to save every download instead of opening them in specified applications. These steps, plus regular spyware/adware/virus scans, should help me stay as safe as anyone can be on Windows these days.