Today I had a bad day with a spyware because of my trust worthy anti-virus Kaspersky failed to do it's job.
Yesterday one of my friend borrowed my flash drive and returned to me this morning, knowing that there maybe nasty surprise waiting inside my pen drive i immediately scanned my pen drive with Kaspersky anti-virus and it came all clear in the scan.
So without thinking i right click on the pen drive icon and opened it.For a second i thought that i have done a mistake because it took some time(30 seconds) to open the pen drive & it opened in a separate window.But still i didn't got any idea about what is happening behind the screen.
When i open my Internet Explorer(IE) browser i found that my home page that i have set to yahoo in IE have been changed to a site call "www.cssa.co.nr" and IE window title "Chiku was here - email@example.com".
i immediately scanned my pen drive in my old machine which has free AVG virus guard and AVG immediately caught the culprit a file call "chiku2008.vbs" a VBScript virus.
So Kaspersky really shattered the trust that i have to it by letting a small VBScript virus to get though uncaught.
i removed all the registry values that starts with "Chiku" but still when ever i change the "Window Title" in windows registry it will not save the change.
And i found out that in my running processes there was this "wscript.exe" and when i kill that process and edit the registry value it solve my problem.
But when i google about it i found out that wscript.exe is a windows process that handle VB scripts and i found a software Noscript.exe from symantec.com to disable this process.
So after wasting hours i finally got through this shit and if i caught the person who develop this virus crap i surely going to kill him.
From now on i am not going to trust Kaspersky or the crap IE.