A friend send me this in an IM, probably unknowingly:

load http://xx.xx.xx.xx/toolbar.exe c:\toolbar.exe 1 -s

I didn't click the link obviously. I use Trillian, if it matters.

Is this the AIM virus?

It would appear that is indeed the AIM virus:

http://it.slashdot.org/article.pl?sid=05/10/31/0120251&from=rss

The AIM virus has a rootkit. Thank god for AIMfix.exe.

Good point, James. I suppose posting the full link was a bad idea. I'm wondering if there's something we should do to block that IP address on campus.

The propogation of the AIM virus like the majority of the recent ones is acheived by many hosts, typically foreign or smaller free webhosting services. So blocking this one IP not going to be as effective as you might think.

I would like to add that per the AIMfix author's instructions, everyone must run that tool twice in a row. Open it, let it remove whatever. Then immediately open it AGAIN and rescan.

Occasionally it will grab more things the second time around.