We’ve been getting sporadic, but steady reports of the TROJ_DLOADER.SPI virus being detected on machines. Trend Micro claims it’s not “in the wild.” That’s not true. I haven’t seen this many virus reports for XP in a long time. Trend Micro’s fix is to update DATs and scan the machine. I’ve tried to figure out what other anti-virus program providers are calling this virus to see if they recommend a different fix. The virus appears to come from webpages. Here’s a sample error:
Threat Alert from Anti-Virus Server
OfficeScan detected TROJ_DLOADER.SPI on PCname in my domains.
File: C:\Documents and Settings\<username>\Local Settings\Temporary Internet Files\Content.IE5\XFE1E8MF\_YzFvdDRpbmc_NzI4X2FvXzM5NThfMF8xMDIyOF9hb18_a2V5aW4_[1].exe
Detection date: 11/13/2007 14:33:05
Action: Virus successfully detected, cannot perform the Quarantine action
I’ll keep an eye on this. Let me know if you see anything.
UPDATE: I got some more info on this. Some of our SAs have been tracking it. The virus alerts come up when people visit a certain media industry website. The site either pops up another site, or somehow redirects to “malware-scan.com”. Don’t go to that site unless you want to get infected. You should consider blocking that site using Websense or other tools. I hope this additional info helps.
I have seen this 11/14/2007:
Virus Alert!!
TROJ_DLOADER.SPI is detected on () in domain.
Infected file: C:\Documents and Settings\\Local Settings\Application Data\Mozilla\Firefox\Profiles\9xsdb79z.default\Cache\27DC786Fd01
Detection date: 11/14/2007 11:47:54
Action: Virus successfully detected, cannot perform the Quarantine action
I should add that we are using Trend Micro OfficeScan version 8
We are getting this too:
13/11/2007 9:49:51 TROJ_DLOADER.SPI _ZGl2aTRpMG4_a2V5aW5fYW9fNDY4M18yNzk4XzIzNThfYW9fX2FvXzM5NThfMF8xMDIzMl9hb18_a2V5aW4_[1].exe C:\Documents and Settings\\Local Settings\Temporary Internet Files\Content.IE5\G527WXMJ\