Today morning, as I turned my Win7 laptop on, Window Notification Centre showed me a scary notification which is same as the title of this post. So, I was infected. As a next obvious step I turned my antivirus on and it didn’t find anything similar. Crap. Now it was time to get furious.
When I clicked on View All Problems it applies to, below is the result which I got.
Wow! These are my C programs, which I compiled few days back using gcc and forgot to specify the output file name. Additionally these programs were having few errors and one of them was having an infinite loop. So Windows got suspicious about them and reported them as security threat.
So what made Windows to report it as security threat? Upon searching, I found something interesting on Symantec website:
W32.Ahlem.A@mm is a mass-mailing worm that is written in the Visual Basic (VB) language. The worm has been packed using the UPX run-time compression utility.
When the worm is executed, it attempts to email all the contacts in the Windows Address Book. The email will have the following characteristics:
Subject: Alert! SARS Is being Spread.
Attachment: a.exe
I think the a.exe as attachment might be the reason for Windows to reports it as a Trojan. I just deleted those files though there were not a threat for me. As conclusion, I would say, if you face this issue and you use gcc for your compilation work, do not panic and look if the files belong to gcc output. However, I will always recommend to use updated antivirus product to save you against the threats.
Have you ever faced it? What was your reaction?