Hi all,
Just a heads-up if you do like I did and stupidly download something from an unknown source and then allow it to run in hopes of getting expired software to work:
The scenario: a Dell machine with Vista x64, like new, not mine.
2 days ago I downloaded a 'patch' (yeah, you know the real word, I just don't like to say it).
I opened the file and let it run, and authorized it via Vista too quickly to realize it made a mutated .exe file first (whoops).
I thought something was up but then nothing happened for awhile, while surfing internet.
Then I get a separate browser window opening a pop-up.. hmmm.. after awhile another..
so I shut it down, took it offline.
Meanwhile I use my laptop
After that, the next time I ran the machine, I got these pop-ups - no, not the normal kind, more like the old style I haven't seen in years, usually made from JavaScript got from wares sites.
So I figure np, root out the temp and temp internet files, etc. right?
Wrong!
Now this machine has McAfee antivirus, but no detect.
Next I go through the usual regimen of things to do - as you all know, I am not inexperienced in PC and software technical matters.
But to no avail.
Mutants keep spawning and grabbing JavaScripts and so forth.
I download Avira Antivir which has never failed me in 3 + years. No detect.
So then Superantispyware, which detects it as trojan.dropper/win NV connected to msa.exe and the 87 cookies it just downloaded (again), cleans it but it comes back.
I turn off all browser scripting, etc.
Finally, a lot more cleaning, turn off System Restore, reboots, etc., and then term the process msa.exe from Task Manager (again)
and delete the file from C:\Windows.
Finally gone.
3 hours, and almost about to make a whole backup of the documents on the machine but didn't for fear code mutated hiding in them.
Fortunately it was a non-lethal product.
So the short story: look in Task Manager for msa.exe; if you have it and the above symptoms, term it, lock it down and delete it first, then clean up after. I could have saved myself 2 hours!
