I accidently navigated to my temp directory and got a virus scan message. Infected file found, aolfix.exe. Research reveals this to be the QHosts trojan.
Luckily, due to the design of the virus and the fact that I use my computer as a restricted user meant no damage was done, no settings changed, etc.
The annoying thing about this is that my virus scanner is updated daily and I had the patch (MS03-040, KB828750) that fixes the vulnerability that the trojan exploited to install itself installed within 24 hours of release.
In other words, I was infected before the patch and before the virus scan definitions came out.
It turns out that the trojan was out in the wild for at least three days before virus scan updates/patch was released.
It seems, that now even if you are diligent in installing patches and updating virus scanners it is impossible to use Microsoft products without getting infected.
On another issue, there are rumours that there is still a code execution vulnerability in DCOM, even after the two recent updates. Get ready for blaster V2.
Has Microsoft lost it? They seem to be unable to keep up with fixing the holes in their code as they are discovered. Worse, they do not inform users of vulnerabilities until a patch is released. Unfortunately, this is too late.
Was anyone else hit by this? Check your temp directory for aolfix.exe.
Appendix A.
IE Patch:
http://www.microsoft.com/windows/ie/...50/default.asp
QHosts details:
http://www.esecurityplanet.com/alert...le.php/3086611