Had Powershadow running, Returnil probably would have worked also.
Used eDintori.net, Irish search engine to look for Piriform forums.
One of the links (about hanged people, dont go) went to a site which locked me up. All I did was open it. It tried to install a rootkit, I think. Edit: would welcome any comments from members more knowledgeable about what happened.
Not entirely sure of the following order, but IE was locked up, thats for sure.
Got warning 1. Clicked cancel.
Window wouldn't get out of the way...always on top. Windows key+d will clear the screen.
Got the install prompt.
Clicked cancel on the install prompt. It cancelled.
Clicked cancel on the download prompt. The prompt just repeated itself. 5 times
Clicked the x to close the next install prompt. The prompt just repeated itself. 5 times
Clicked on another tab in IE. Wouldn't change tabs. Got the bloop sound.
Clicked on the x to close IE. Nope.
Clicked on the system tray to close IE. Nope.
Disabled 'net connection from systray.
ctl+alt+delete brought up task manager.
Used tskmgr to shut down IE. worked.
Scans of C:\Documents and Settings\Compaq_Owner\Local Settings before reboot
Avast = nothing
SuperAnti = nothing
mbam = nothing
A2 = Rootkit.win32.TDSS!K in c:\...Local Settings\temporary internet files\ContentIE5\O9H2O13\[1].EXE.
Apparently this is a fairly new malaware. ?
Scans after reboot: Apparently nothing installed.
Don't Know what would have happened if I hadn't had PS running. Wish it was still free, but Returnil has the same capabilities, I guess. I notified eDintori.
Edit: Well, OK, guess I'll quit using xs.to for image hosting. Lotsa junk comes with those thumbnail links.