Somehow, today I got infected with this little piece of malware.
Its a explorer popup advertising malware, so popup blockers do not effect it.
It normally attacks firefox users, although I do not run firefox and was infected by it.
A quick uninstall, registry sweep and temp folder deletion did not fix it. After restart it appeared again (in Common Files folder).
It is not located in Run or RunOnce but is located in ShellEx hook. I read something about steganos spyware being able to detect it ( a spysweeper rebranding), but do not know more then that.
There are only 2 places I could have gotten it.
Bitcomet .70 from the megaupload link posted on hteir forums, since the standard cnet is problematic at best.
Or abcAVI tag editor. (Since switching to WMP11 half of my TV shows are incorrectly named now and I need to retag about 75 of them
To prevent it from starting/reinstalling, run the uninst.exe in the common files\NSIS folder, but when it propmpts you to restart.. instead do a hard reset/power off. This will prevent it from reinstalling itself.
You can thereafter still find it listed in the registry under HKLM\Software\NSIS\Media however the data is Optout 1.
I have not tried deleteing that yet to see if it still comes back
Unfortuantely i still dont know where it really resides (although I did see a BitComet refernce in the registry to NSIS, it could have been the NSIS (Nullsoft Install Something). So as soom as I finish my tasks, reformat time. Then I will know for sure if it is bitcomet.