I was going through the logs for one of the websites I manage, and found some requests that didn't look right. I looked up the IP and found it belongs to a well-known U.S. datacenter. For some dumb reason, and I don't even know why I did it, I pasted the IP into my browser's address bar to visit it (having disabled lots of stuff first).
Of course, it wasn't a webpage at all; Windows Media Player immediately opened with a file that it couldn't play due to the source file being "corrupted."
Fortunately I know enough to be worried when something like that happens. The first thing I did was pull the Ethernet cable out of my computer so at least, if I am infected, it can't spread across our LAN or transmit data back to wherever. I then ran scans with Windows Defender and AntiVir, both at the highest security level and both fully updated as of about midnight last night. No detections so far. I'll be running Ad-Aware and Spybot shortly, although unfortunately I'll have to briefly go online again to download updates for those.
No unrecognized processes are running on my PC, at least nothing that shows in the Task Manager (and I know some things can hide). There was some hard drive activity right when Media Player opened, but that's normal so it doesn't necessarily (but might) indicate that something malicious was being installed.
So my question is: Assuming none of these scans turn up anything, would anyone here trust the box as it sits, or should I just bite the bullet and do a full reinstall of the OS? I don't mind doing that if I have to, but I'd rather not do it if it's not necessary.
I'm on Windows 2000, SP4, kept fairly up to date. Stupidly, I was running on an administrator account. I guess I'd gotten kind of lax since I figured I was smart enough to avoid getting infected. Not anymore. I'll be switching to a user-only account for the future, but of course that doesn't fix whatever may have already happened.
By the way, does anyone know when the most recent Media Player vulnerability was? The latest I can find was in April, and I know I've applied patches since then. It could be that I was attacked, but was sufficiently patched to survive it. What do you think?