Malware hunting

17.12.2008
OK, about now my editor is going to be wondering where on earth this column is. It should have been in his hot, sweaty hands hours ago, but as I was beginning to write about a couple of searching tools my Windows XP SP2 machine started acting up. Again.

You might remember a few months ago the problems I had with . These recently returned in a minor and transitory way that may be related to my current annoyance, which is that 's Internet Explorer 7 is acting weird.

Here's what IE is doing: After the system has been idle for some random time, IE 7 is launched but without a window. It appears to be loading some Flash content (I can hear looped music and Japanese or Chinese speech) and running a script. The reason I know there's a script involved is it eventually drives utilization to 100% then, after some time, I get the script-running-slowly-do-you-want-to-kill-it warning.

According to , IE is being launched by the svchost process (described by Microsoft as "a generic host process name for services that run from dynamic-link libraries"). What I found after messing around for some time is that it is next to impossible to determine how the svchost launch is being triggered and what IE is actually doing.

What IE appears to be doing is opening HTTP connections to servers identified only by their IP addresses. Googling one of these servers, 60.28.250.102 (which resolves to what appears to be a proxy server), produces only two hits and the pages appear to be in Hungarian (which I don't speak).

The other address, 61.152.242.218, resolves to a Chinese Web server, smarttrade.cn, which, on a cursory search, doesn't appear to be used by the bad guys. only produces four hits for the IP address, which are all in the public cache contents listings of three university HTTP cache servers.
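As an added example (not part of the column), here is a small Python triage script for the pattern described above: a browser process started by svchost.exe, running with no visible window, and talking to servers known only by their IP address. It assumes that process and connection snapshots are supplied as simple records (for instance exported from Process Explorer and `netstat -ano` on the affected machine); the record formats, the `Proc`/`Conn` types and the sample data are constructed for the demonstration, apart from the two remote addresses quoted in the column.

```python
"""Triage helper for the "svchost launches a windowless IE" symptom.

Assumptions (not from the original page): process and connection data are
handed in as the Proc/Conn records below, e.g. exported from Process
Explorer / netstat -ano. The sample data is constructed; only the two remote
IPs are the ones quoted in the column.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

BROWSERS = {"iexplore.exe", "firefox.exe"}
SERVICE_HOSTS = {"svchost.exe"}  # parents a user browser should never have


@dataclass
class Proc:
    pid: int
    ppid: int
    image: str
    has_window: bool  # False = no visible top-level window


@dataclass
class Conn:
    pid: int
    remote_ip: str
    remote_port: int
    remote_name: Optional[str] = None  # hostname if one was recorded


def is_bare_ip(conn: Conn) -> bool:
    """True when the endpoint is a literal IP with no recorded hostname."""
    try:
        ipaddress.ip_address(conn.remote_ip)
    except ValueError:
        return False
    return not conn.remote_name


def find_hidden_browser_launches(proc_list: List[Proc], conns: List[Conn]) -> List[dict]:
    """Return one finding per browser process that matches the symptom."""
    procs: Dict[int, Proc] = {p.pid: p for p in proc_list}
    conns_by_pid: Dict[int, List[Conn]] = {}
    for c in conns:
        conns_by_pid.setdefault(c.pid, []).append(c)

    findings = []
    for p in proc_list:
        if p.image.lower() not in BROWSERS:
            continue
        parent = procs.get(p.ppid)
        parent_image = parent.image.lower() if parent else "<unknown>"
        bare = [c for c in conns_by_pid.get(p.pid, []) if is_bare_ip(c)]

        reasons = []
        if parent_image in SERVICE_HOSTS:
            reasons.append("launched by " + parent_image)
        if not p.has_window:
            reasons.append("no visible window")
        if bare:
            reasons.append("connects to bare IP addresses")

        # A browser parented by a service host is suspicious on its own;
        # otherwise require the windowless + bare-IP combination.
        if parent_image in SERVICE_HOSTS or (not p.has_window and bare):
            findings.append({
                "pid": p.pid,
                "image": p.image,
                "parent": parent_image,
                "has_window": p.has_window,
                "bare_ip_remotes": sorted(f"{c.remote_ip}:{c.remote_port}" for c in bare),
                "reasons": reasons,
            })
    return findings


# Constructed sample snapshot (PIDs and the example.net entry are made up).
SAMPLE_PROCS = [
    Proc(620, 4, "services.exe", False),
    Proc(1024, 620, "svchost.exe", False),
    Proc(1800, 1, "explorer.exe", True),
    Proc(2200, 1800, "iexplore.exe", True),   # user-launched browser, benign
    Proc(3300, 1024, "iexplore.exe", False),  # started by svchost, windowless
]
SAMPLE_CONNS = [
    Conn(2200, "198.51.100.10", 443, "www.example.net"),
    Conn(3300, "60.28.250.102", 80),
    Conn(3300, "61.152.242.218", 80),
]

if __name__ == "__main__":
    for f in find_hidden_browser_launches(SAMPLE_PROCS, SAMPLE_CONNS):
        print(f"pid {f['pid']} {f['image']} (parent {f['parent']}): "
              f"{'; '.join(f['reasons'])} -> {', '.join(f['bare_ip_remotes'])}")
```

On the sample data the script reports only PID 3300: the copy of IE parented by svchost.exe with no window and two connections to bare IP addresses, while the user's own IE session is left alone. The parent-process check is what makes the result actionable, since it points at the service host rather than at the browser itself as the thing to investigate next.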