January 13th, 2006, 09:43 PM
#1
Junior Member
Replicating Trojan on misdirect/WMF-related?
OK, I'm a bit sketchy on a bit of the details. I was getting ready for work early in the AM Wednesday morning, doing some morning surfing from the news. I was misdirected to another site and I believe I suffered from the WMF exploit. I have Windows Home XP SP2 fully updated. I am running Symantec anti-virus professional with live update; it is also fully updated. I run AdAware and Adwatch v1.05, again fully up to date.
Symantec caught the Trojan, and said that it could not quarantine, but did deny access. After shutting my browser, I opened Symantec and found two files in c:\documentsandsettings\myuserfolder\temp. I right-clicked on one of them and chose "Delete". So far so good. Except it did not delete just one file. The counter for files deleted quickly climbed into the thousands. I quickly stopped the process and rebooted in safe mode. I ran a scan and found nothing in safe mode. I checked the log files and found that every file was in fact deleted. I ran an AdAware scan again in safe mode and found nothing. Stupidly, I ran CCleaner but allowed it to wipe the logs, so I can't give you more info on the Trojan--however, as I remember, it did not specify the type of Trojan; only that it was a Trojan. The infected files were a series of alphanumeric characters, but I don't recall the extension--it was very early and I was rushed.
Anybody see this behavior before? I'm puzzled, please advise.
... and damn! I should have downloaded the latest patch.