I recently had a customer call me to say that she has something called VirusHeat on her computer. It says she has thousands of infected files, and by purchasing the VirusHeat remover, her system will be cleaned up.
The thing is: I installed AntiVir and Windows Defender (together with BHODemon, SpywareBlaster, and WinPatrol) about 6 weeks before this re-infection.
She also said she scanned her whole PC with AntiVir and Defender, and they detected nothing wrong.
I take the PC back to the office, and take a good look.
It turns out someone was using the PC to surf porn websites (a potential source of newly created malware).
Also, someone had removed BHODemon, and SpywareBlaster needed to be updated.
I also find that AntiVir and Defender (as of 31/mar/2008) do not detect VirusHeat.
Using HijackThis, I was able to find the infected files, and rename them (just rename the c:\program files\netproject folder… from safe mode or by connecting the hard drive to another PC).
After that everything settled down. I just did some cleaning up using HijackThis, and it was gone.
I must say that in over 2 years of using AntiVir (and about 1 year of using Defender), this is the first time I’ve seen them powerless to prevent an infection.
Of course this is to be expected, since most anti-malware programs are reactive, i.e. only able to detect infections after the infection is released to the internet… so new malware is less likely to be blocked by traditional anti-malware solutions.
Ultimately, there is only one (impractical) way to guarantee that you will not get infected: stay off the internet.