Well, the kids computer is still free of any DOS popups,
BUT I did some more checking for the files that this worm/trojan kept dropping into her C:documents and settings folder, and there was
MC2.exe and
winstall.exe in C:windows.
I checked their properties and they were both DOS executable files.
I then checked the other "clean" computers in the house and none had these files.
I could delete the MC2.exe file but not the winstall.exe file, it would claim in was inuse.
I booted to safe mode and deleted the winstall.exe file.
Returned to the kids profile.
No DOS windows.
I have now installed Windows Live Messenger. It logs in fine.
So far all is well.
Quite a number of the kids friends have this worm/trojan now.
I did some more web searching and apparently this thing tags a message to the effect of "Is this your picture? click this link" onto the senders messages without the sender knowing it.
The receiving person thinks it is a good link from a friend and clicks it to get the worm/trojan.
I have just been volunteered to 'clean' my kid's friend's computer. Oh well.