Well whaddya know! McAfee just picked up BRAZIL.PIF in my Windows directory! It doesn't seem to have activated, since none of the other files or registry entries that it spawns are present on this 98SE PC or other other 98 PC that is occasionally brought onto the network (the other machines are XP Pro and Suse Linux 8.1). All (few) shares are strong password protected and mostly r/o. The appropriate M$ patch for 98SE has been in place for ages. The firewall shows no udp/137 probes (plenty of others), all un-needed ports are closed and open ports are filtered. AV/firewall is religiously up to date. JPSoft's local port scanner shows just about everything is closed and Ad-Aware shows clean. Mailwasher cleans out the crap before Outlook 98 downloads it and HAWK and the scanner check everything that comes in.

Now how in the hell did it get there?

Two good links, but I'm no nearer an answer:
http://www.mynetwatchman.com/kb/secu...rts/17/137.htm
http://www.dslreports.com/forum/rema...ty,1~mode=flat