I don't find any of this a big deal personally because in my experience its pretty easy to avoid getting viruses, UAC or not. But one of the the aspects of UAC I appreciate is that it lets you know if a program that you didn't intend to run is trying to
get permission, such as something that may have been added to your Windows startup process.
Am I wrong to say that the exploit circumvents this feature of UAC?
No, you're not wrong to question behavior. But how did the exploiting code get on your system?