Here's a new one on me, and maybe those of you more experienced (skline) will be more familiar with it.
Last night I noticed Norton got a hit on a Java applet that was downloaded. I was browsing through car forums, come to realize this was an applet that was downloaded as an embedded advertisement on a website. Okay, restart into safe mode, scan, nuke it -- my problem should go away, right? Negative.
I'm chillin this eve on WoW and notice an Internet Explorer window pop up and disappear. WTF? Open up task manager and I see some not-so-familiar processes running. DLLHOST.exe? end process tree. Services32.exe -- same. Service.exe - same. winPE.exe ... that's odd? End process tree and OH WOW my PC restarts...
Disconnect LAN cable and boot normally. Do a search for files created/modified within the last day and I find the programs I mentioned above, a service pack of some sort (invalid MS Knowledge Base article reference), winPE, and a slew of content in my IE.5 cache. I use Firefox... wtf indeedly-do.
So I think to myself... what was the last thing I did? Oh yeah, to install SP2 I had to enable help and support, background intelligence, RPC Locator. I go back and turn all of those off (I'm not on a domain, home network).
I just spent a fucking hour nuking every file those programs created (and the programs themselves). This all originated from a trojan that was part of a website advertisement in Java. Scanning the .idx and applet revealed it contained the trojan. It was bundled with some Free Support bar installer which I vicariously vivisected from my hard drive.
So, disable Java in your browser, and if you don't use IE, make sure you set it for highest security settings, keep your virus scanner defs updated and watch your rear ports!