How does the Ahnrpta.exe virus infect a machine?

3

My games and multimedia PC has twice now been infected with a virus that loads an executable called Ahnrpta.exe. This is with me being the only user and literally not downloading anything and not receiving any email on it.

I know my housemate has this virus on his laptop (he keeps telling me he'll get some antivirus), so I suspect it's coming from there (we use the same home network). The strange thing is, though, my work laptop, which I use on the same network quite frequently, has not been infected.

Both my work laptop and my games PC run WinXP and have no firewall other than the WinXP SP2 firewall.

Does anyone know how this virus spreads? I haven't been able to find a definitive answer from the antivirus vendor sites.

LachlanG

Posted 2009-07-16T09:18:55.233

Reputation: 675

Answers

2

I've seen many backdoors/trojans like the Ahnrpta.exe virus spreading by running automatically when you insert a USB thumb drive, for example (autorun.inf).

See this tutorial on how you can disable autorun for external media (CD-ROM, USB drives...)

splattne

Posted 2009-07-16T09:18:55.233

Reputation: 14 208

It's a possibility. He said he didn't use my machine but... – LachlanG – 2009-07-16T22:03:27.160
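An added example, not part of the original thread, for checking the autorun.inf mechanism this answer describes: it lists the entries in an autorun.inf that name a program to start, and tests whether a `NoDriveTypeAutoRun` policy value turns AutoRun off for a given drive type. The function names, the sample file contents and `example.exe` are constructed for illustration.

```python
# NoDriveTypeAutoRun: a set bit disables AutoRun for that drive type.
DRIVE_TYPE_BITS = {
    "unknown": 0x01,
    "removable": 0x04,  # USB thumb drives
    "fixed": 0x08,
    "network": 0x10,
    "cdrom": 0x20,
    "ramdisk": 0x40,
}

def autorun_disabled_for(mask, drive_type):
    """True if the policy mask suppresses AutoRun for this drive type."""
    return bool(mask & DRIVE_TYPE_BITS[drive_type])

def launch_commands(inf_text):
    """Return (key, command) pairs in [autorun] that would start a program."""
    found, in_autorun = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue  # lines without key=value (e.g. junk padding) are ignored
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command")
        ):
            found.append((key, value.strip()))
    return found

# Constructed sample file contents (not taken from a real infection).
SAMPLE_INF = "\n".join([
    "[AutoRun]",
    "xk3j9 padding line",
    "open=example.exe",
    "ShellExecute = example.exe",
    "shell\\open\\command=example.exe",
    "icon=shell32.dll,4",
])

if __name__ == "__main__":
    for key, cmd in launch_commands(SAMPLE_INF):
        print(f"{key} -> {cmd}")
    for mask in (0x91, 0xFF):  # sample policy values
        print(hex(mask), "blocks removable:", autorun_disabled_for(mask, "removable"))
```

The policy value lives under `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer`; a value of `0xFF` sets every bit and so disables AutoRun on all drive types.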

3

If you didn't do a clean Windows install after the first infection, it is likely you are simply reinfecting yourself. It is a bad trojan/backdoor and most likely brought rootkits into the mix. Due to the complexity of malware these days, nothing short of a clean install can ensure that you are not compromised. Who knows what this thing is doing on your network, though; depending on your settings, if it is on his computer it can have its way with yours on the same network.

Infections can occur now by simply visiting a bad website. You don't even need to click or download anything.

You need to make sure your version of Windows is currently patched and you are running a good antivirus. My choice is NOD32.

Clifford the Red

Posted 2009-07-16T09:18:55.233

Reputation: 175

I've used several rootkit removers so hopefully it's gone for good.

I'm fairly certain it wasn't from visiting a website as I always use Opera and it just isn't targeted by those sorts of exploits.

As you say, who knows what it's doing on my network using his computer as a base; that's my question, actually. – LachlanG – 2009-07-16T21:59:45.513