Maybe a coincidence, but it's now being reported that a BANNER AD (!) was infected with Qhosts trojan at FortuneCity last week. It was removed as soon as it was discovered, but that was at least a few hours later. It symptoms matched those referenced in this thread. The exploit was for that M$ security hole of August (MS03-032), patched again in Sept (same #), and that was still open until the lastest patch this week in Oct MS03-040 (828750). So if you haven't updated in last week, time to do it again... Qhosts infection is the only known exploit of the 3rd iteration of M$'s bug, and the websites used by it have all been taken down. So it's no longer a threat, but how long before a copy-cat or variant breaks loose... And yet another reason to run an ad-blocker.