I have been running Vista x64 for six months now, with OneCare v2 beta, and no other security software. I had never needed to use it until last weekend.
I for one never have had a problem with UAC popping up all of the time.
So I was pleasantly surprised to see it appear asking me if I wanted to let *.exe run on my PC.
I knew I didn’t want to run it as I hadn’t asked it to, so I said no and thought nothing of it.
However, it kept on popping up every hour or so, so I decided to Google it to see why on earth it was doing this. And lucky me, I had found some malicious software!!
Now the fun part came when I decided that I did not want it on my PC; rather than Googling it this time, I thought I would try to get rid of it myself. Firstly I tried to delete it; this got me nowhere as I did not have the permission to do so. Even though I am the admin user, I changed the rights on the file itself saying that if I am running it as the admin then my only permission is to delete it.
This seemed to make Vista happy and it was gone. Or so I thought, it reappeared in another folder, so same trick again and it disappeared again. Until an hour or so later it had reinstated itself.
So I decided to run OneCare just to see if it would pick it up, left it overnight and when I got up it had found nothing wrong on the PC.
By now I realised that I was getting nowhere in a hurry, so I downloaded Spybot, Adaware and HiJackThis, just to see if they would get me any further.
Unfortunately for me they proved just as useless at removing this unwanted pest.
So I decided to do something stupid: let it install itself. OK, so it's not entirely a dim-witted thing to do, as a format will solve many problems. Once installed, I ran OneCare again overnight and thankfully this time it removed it.
Trojan 0 - 1 OneCare
Worm 0 - 1 OneCare
End result, a once again clean PC, and two nil up to Live OneCare.
Comment by freitasm, on 1-Oct-2007 19:54
The most interesting question is why it would try to execute the program every hour to install it? Obviously something was already installed to try and run the program on a schedule, otherwise it wouldn't try a second time?