A virus-like Trojan horse is infecting computers belonging to students using AOL Instant Messenger (AIM), the popular Internet chat program.

The malicious code, going by the names RealPHX, Talkstocks.net and Trojan.Sinkin, now accounts for one-third of all ongoing complaints at ResCom help desks on campus, said Clifford Rodack, network coordinator for residence halls.

The code, first reported on campus almost two months ago, spreads by inserting links into AIM user profiles. If another user clicks a link, he is taken to a Web site and his computer is infected as well.

The code can affect all versions of Microsoft Windows, including 98, ME, 2000 and XP, Rodack said.

After installing itself, the program can install other spyware programs, which transmit information about the infected machine across the Internet.

Spyware can also produce unwanted pop-up advertisements, including pornographic material.

There is a difference between a computer virus and a Trojan horse, said Gerald Santoro, assistant professor of information sciences and technology. A computer virus is typically a piece of program code that can be appended to an existing program or in many cases appended to a data document. You can get a virus that's appended to electronic mail, but if you don't open an attachment, you'd be safe.

A Trojan horse, on the other hand, is created when a programmer puts harmful code, such as spyware, into an otherwise useful program like AIM. Anti-virus scanners are capable of detecting both viruses and Trojan horses, Santoro said.

Norton AntiVirus will detect the Trojan horse and remove associated files.

It cannot, however, remove the files installed by the spyware applications, Rodack said.

Two programs available on the Internet, Spybot and Ad-aware, can remove the additional unnecessary software.

To remove the virus, students should make sure they have the latest definitions for their anti-virus software, Rodack said. Computers should then be booted into safe mode by pressing the F8 key while the machine is booting up.

Once in safe mode, students should run a full system scan on the infected hard drive, then reboot into Windows normally.

Rodack also recommends installing the latest patches from Microsoft Windows Update. A patch recently made available on that Web site makes computers immune to this particular attack, he said.

"If your machine is patched with all the latest updates, and your anti-virus program is set to automatically update its definition files, you will be safe from all known worms and viruses," Rodack said.

Lindsay Kepics (freshman-communications), whose computer was infected, said she needed ResCom's assistance in returning her computer to normal.

Her computer became infected in the typical way: "I had noticed a couple of my friends had it in their profiles. I thought it was a link to a funny Web site, so I clicked on it and my computer became infected," she said.

The spyware "totally wiped out my profile and put in a link. It also gave me a porn toolbar on my computer and it had an insane number of pop-ups all of a sudden," Kepics said.