Has anyone else had to deal with this services.exe hijack yet? It's getting in through Internet Explorer and appears to install a hidden control file which either writes or downloads services.exe and registers that file in the registry under run. It alters or creates a dialup account which dials 001143xxxxxxxx with a username derived from the logon user name. I've seen 4 of these in the last 2 days and can't find any info on it. Nor can I find the name of the control file or where it is loaded. All this equals a format and reinstall at the moment. The only common link are the porn sites listed in IE history which non of the users have ever visited. HiJackThis etc, can remove the operating files (services.exe) but nothing can find the control file. Where else in the registry are files launched from? /run and /appinit don't show anything and no BHO's are doing it.