WinAntiVirus Attack





A couple of nights ago, my computer got afflicted with the WinAntiVirus malware.

It started out innocently enough: I was using Windows Media Center to watch TV, and I had IE open pointing to a portal site. As the TV program was about to end, I heard a couple of beeps. I didn’t think much of it at the time (actually by that time it was probably already too late). After the program ended, I closed Windows Media Center, and started noticing that the computer was really busy. A couple of minutes after that, I started seeing the following:

  • Popup windows, popup windows, and more popup windows.
  • A program called WinAntiVirus asking to see if it can install itself.
  • The computer remained extremely busy.

At this time, it was obvious that I got hit by the WinAntiVirus malware (isn’t it annoying that it disguises itself as an anti-virus software?). My first job was to figure out what I can do to get rid of it. So, I went to the search engine and found a couple of sites, all of them recommending elaborate steps for removing this troublemaker.

“There must be an easier way!” I thought… I am always leery about downloading more software and going into the registry, and then I remembered Windows XP has this System Restore function that would restore the system configuration to a previous time. So, I tried this route. Lo and behold, it worked!

In addition to that, I went into the Temp folder and got rid of all the files that were created after the system first became unstable. Hopefully these steps have saved my computer from this dreaded malware.

One thing that makes me wonder is how the malware got into my computer in the first place. I was not viewing any dubious web pages, and I haven’t opened any strange email attachments. Obviously figuring out what had happened is important because I want to be able to plug that hole so that this doesn’t happen in the future. A search on the internet, however, didn’t reveal anything. If anyone has any thoughts on this, please let me know!
