i got a certain file from bittorrent (which i think was the source of the problem) on a win2k machine, shortly thereafter i experienced the payload, which caused the computer to continually open new iexplorer windows. i use Firefox mainly, but use internet explorer only for hotmail, as MSN opens it. the problem occurs after closing a internet explorer window (usually quickly after it appears) and explorer uses max CPU opening new windows. shortly afterwards i found the exact problem on my XP based EEE although i have not run the suspect program there. i use this computer the most, keeping it on there was "bearable". i had installed process explorer and process monitor though i intend on reinstalling the OS as it has made System restore non functional. iexplore once run does not close and remains in background and when shutting down it tells me that its still not closing and must be done manually. one day it ran MMC to disable the keyboard and touchpad,i got control again by plugging in a usb mouse and run process monitor - the command (according to process monitor) was C:\windows\system32\mmc.exe C:\windows\system32\devmgmt.msc /s (See image.) later i standby and the disabled items worked again.
the poping up IE windows only contain the webpage that MSN messenger opens (hotmail inbox page), no ads or anything funny, just appears the intention is to make the computer unusable. i would also like to say that all the windows opened by virus are "clones" (in my opinion), although they independently load the web page, the difference between the clones and a page opened by MSN messenger, is that the MSN opened pages bring up the message "you are about to leave a secure internet connection. it will be possible for others to view the information you send" however the clones do not display this message (this is because the MSN windows start with https, then go to http). during this increased CPU usage, i do see additional files being loaded (appearing green in the file area of process explorer) durig the recreation, the last being Netmsg.dll. during closing of IE once, i noticed in task manager it has used 0.5GB of ram, but obviously i have not been doing that much browsing.
at one stage it might have interfered with firefox preventing it from seeing the mouse well (i would right click, menu would open but hovering mouse over items would not highlight them)
im reporting this so you can catch it with your AV.
i also have a vista laptop it comes with McAfee (it wants me to buy more), the virus has found a way on this machine even though the program is running all the time, i forget to do a scan and instead i do system restore (successfully) and it appears to be fine. the installed products are: securitycenter, virusscan, personal firewall, anti-spam, privacy service. if i never used MSN i wouldnt have known about this infection.
so if anyone wants an infection, i can send the file
thing.GIF 44.9 K