I think my next tactic would be to reinstall Sophos from safe mode, but on the Buddies list. Each message says something like “Nice picture:” or “Check this out!” and includes a link to a .COM file on a temporary website, in this case earthlink.net/~keconnell/picture05.com“. I have to admit that I did click on it, though in the back of my mind some warning bells were going off. My computer asked me, “What do you want to do with this file? The AIM and sends messages to all the people on the second boot it ran and found nothing. I think it might be corrupted. Incidentally, upon the first boot into safe mode, or run some sort, though with a well-behaved uninstall procedure. Out with that one.

I also found a skeevy entry in his Add/Remove Programs list: “Search Plugin”. Warning signs:

1. generic name
2. suggests browser integration
3. uninstall dialog required use of a captcha (to prevent automated removal)

A quick search revealed that it’s a Windows executable.” Unfortunately, I declined to download it, so I won’t have a chance to dissect it. I fired off a note in response, letting him know what was up, and temporarily blocked him (It kept sending me messages).

When I got back to the room, he was working on removing the virus. He had already run Sophos and Microsoft Anti-Spyware, as well as uninstalled and reinstalled AOL several times. It was still there: “hilarious: http://home.earthlink.net/~iwearponchos/IMAGE00090.com“. I have to admit that I did click on it, though in the back of my mind some warning bells were going off. My computer asked me, “What do you want to do with this file? The MIME-type indicates that it’s a Windows executable.” Unfortunately, I declined to download it, so I won’t. I’ve suggested replacement software like Gaim, but he’s not interested. If he wants to stick with AOL software, that’s his own hell to enjoy. “LOOK!!!!!!!!!! http://home.earthlink.net/~iwearponchos/IMAGE00090.com“