First of all, I thank everyone in here who volunteers for this awesome service free of charge. In this world where everything has a price tag, finding something like this is really nice.
Ok, to the issue:
Recently, I was chatting with a friend over MSN when suddenly this person sent me a link with a "photo" and asked me to download it. It seems that her computer is infected with something that makes her send automatic messages to her contacts with quotes like "look at this pic" and stuff like that. I know it's the oldest trick in the book in order to infect someone, but for some strange reason I don't comprehend yet (I believe I was sleepy), I fell for it and downloaded this fake "picture".
The link with the download is this one. PLEASE DO NOT CLICK IT, I'M JUST POSTING IT IN CASE SOMEONE RECOGNIZES THE PAGE AND PROBABLY THE WORM:
AGAIN DO NOT CLICK IT!
Following the equal symbol was my email address.
When I was about to open it to check it, I found that it was an .exe disguised with a .GIF image icon. I quickly scanned the archive with Avira AntiVir (free version) and it detected nothing wrong. But of course I did not open it and instead I threw it in the recycle bin.
Some moments later, Avira informed me that it had discovered a variant of the worm "Palevo.DP". It moved it to quarantine and then deleted it. But it did not end there: some minutes later it detected the same malicious file, this time in another directory, and did the same. Yet, moments later it detected it for the third time.
My question is:
Do you think this worm has been completely purged from my PC or do you think it has propagated all over it? I've run Malwarebytes' Anti-Malware, Lavasoft Ad-Aware and a bunch of other anti-spyware programs, doing full system scans every time. I also ran a full system scan with Avira and nothing popped. Is it possible to get infected with it by just downloading the .exe file or do you need to actually execute it?
Do you think this worm may have hidden itself very well so the programs can't find it? I certainly have noticed a little bit of slowdown with my PC and my internet connection (maybe that's just my crappy ISP but who knows).
I would be very grateful if someone could help me verify that this nasty thing hasn't left a single trace of it on my PC because I regularly do online shopping with my debit card and I don't feel kinda safe right now.
Here are the images from the event logs of Avira:
http://img72.imageshack.us/i/worm1z.jpg/ <- First detection, the file was in the recycle bin at this time.
http://img688.imageshack.us/i/worm2.jpg/ <- Second detection, at this moment the .exe was deleted from the recycle bin.
http://img269.imageshack.us/i/worm3.jpg/ <- Third detection and last. Again, I deleted the file from the recycle bin.
My OS is Windows XP Pro.
Thank you very much!
Edited by quietman7, 05 May 2010 - 01:12 PM.