>>Since opening a file (forwarded by a friend) ZoneAlarm has been telling me the Internet Explorer is trying to access IP 127.0.0.1:Port xxxx, where port xxxx varies almost each time. Symantec antivirus finds nothing. Does anybody have any idea what this may be? If I tell ZoneAlarm to block the access the IE process freezes, but it is possible to cancel IE by pressing the X button in the top right.
>
>It's viral-like activity, for sure. Most Windows servers are running IIS, and some users' workstations probably are as well. So, if that file is opened on such a machine, and IIS is unpatched, it could be exploited by the malware.
>
>It looks as though something has hooked itself either into IE as a "browser helper object" (easiest to fix) or directly into your TCP/IP stack. You should run an AV scan by at least one other product - you can temporarily install the free AVG product, or try online AV scans by Trend Micro etc.

Thank you Al and Hilmar. That is my greatest fear. Thanks for the references.

Alex