Figured this belonged here.
I loved this!
Got a packet capture of a NetSend ( to port 1026 )
Message read:I hope I got that right.STOP! WINDOWS REQUIRES IMMEDIATE ATTENTION. \n\n\nWindows has found dangerous infected spyware on your computer!\n\n To rid your computer of this dangerous spyware do the following:\n\n1. Download eAntiSpy from: www.helpfixpc.com\m2
I came from 126.96.36.199/32874 ( China -- go figure )
That IP address is apparently well known at DShield
The addresses for the so-called product come form VC "Saint Vincent and The Grenadines"
I didn't investigate this further, just thought it humorous.