Yes, you should investigate; the least you can do is send it to the other experts: I think the best option would be www.virustotal.com
Anyway my two cents about your generic question, not the particular one about this particular positive…
You should get an antivirus; it’s a must-have no matter what some say. CAVS is beta so it’s normal that you experienced problems; get Avira Antivir or Avast or AVG Free or something, and stay tuned for the final release of CAVS if you want. Even if you understand that the antivirus should always have a prevention layer on top of it, it’s still a must even for power users.
That said, it’s always possible to get malware no matter your precautions. Anyway, this is a nice example of a good firewall working as the last line of defence, again so much for the people who also say that a personal software firewall is worthless.
To answer you further, one reason why the malware was able to write itself to your Programs folder, or anywhere outside Your Documents or the Shared Documents for that matter, is that you were running Windows as Administrator; most people do this but it’s not really advisable. True that even if malware is forbidden from outside your documents folders I can’t see why it couldn’t still install itself there and do its stuff, but maybe if it’s not permitted to install in its favoured location the attack might fail completely because it doesn’t even try to install in your documents; plus there it would be easy for you to find it even by accident. But anyway the important thing is that if you run Windows as a limited user you’re not only denying malware permission to install outside your documents, you’re also preventing it from changing or deleting any files there, program files, windows files, core ones, etcetera.
Creating a limited user is a piece of cake in Windows from the Control Panel, although you’ll need to run as admin sometimes to install most software or to run some programs such as defraggers, registry cleaners, etcetera; but you can run a program within the admin account without logging on to it most easily, thanks to a certain Windows service (right-clicking on the program or shortcut and choosing the second option “run as…”, or editing the properties to make it the default option for those programs which also need that access). Still some people prefer to run as admins and castrate the admin permissions just for some programs such as the browser, email client etc. (I can’t see the advantage of this compared to the straight option myself); there are programs that do that such as DropMyRights.
Also I can’t really tell you how you might have gotten infected; I guess there are hundreds of ways and I don’t know 99 per cent of them. Anything you download from shady sources (and P2P is always the shadiest), by all means you should scan it before opening it. If you had a resident antivirus, and again I recommend you to, I think it would be no good scanning with it on demand since it will scan on access (not sure); but you should get at least another scanner, one that covers spyware and trojans, for example AVG AntiSpyware.