I met this little “gem” today and I was very surprised. It has been a long time since something snuck up on me like that. My detection tools are always updated and I’m very careful about handling downloads and attachments.
The problem is that once infected (and yes, it is an infection) one can no longer use the start menu shortcuts of the most-used apps. One can still launch them from any shortcut on the desktop or from their proper group in the start menu; however, most of us just press Start and click on our favorite app. With this infection, though, a popup appears that requests a registration of the Context Menu Platinum program (that I never installed, nor read about in any setup dialogue steps which, yes, I do read). The close window button does not work, the Register program closes the popup without launching the app but takes you to a web page that requests anywhere from $400 to $250. All of that of course is moot, because no one requested this program in the first place.
Upon looking on the net, there are three most probable culprits: CompMgmtLauncher.exe, FILEminimizer and EmailOpenView. None of these were the cause in my system. I spent two hours trying to identify the problem using all kinds of tools and monitors etc.
Finally I just did a simple sorting and eyeball-1 (look for it with my eyes) on the directories inside Program Files. It turns out that of the four directories modified in the last two days, one was the freeware Movie Subtitle Searcher from opensubtitles.org. Inside that was a directory Application Data and inside that another called Opensubtitles-1.0_1_0_0_0
Inside that was a program ShellMenu.exe with the same icon as the popup. It was of course being used by the system and could not be deleted, so reboot to command prompt, delete the file and all was well and good. After that I uninstalled the Movie Subtitles Searcher, just for the hell of it.
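The manual check described above (sort the directories under Program Files by modification date, then look inside the recent ones) can be scripted. This PowerShell script is an added example, not part of the original post; the two-day window comes from the post, while the signature check and the running-process column are additions assumed to be useful for triage.

```powershell
# Added example: list executables inside recently modified Program Files directories.
# $Days defaults to the two-day window mentioned in the post (adjustable assumption).
param([int]$Days = 2)

$cutoff = (Get-Date).AddDays(-$Days)

# Both Program Files roots, skipping any that do not exist on this system
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
         Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# Image paths of running processes (Path is empty for processes we cannot inspect)
$running = Get-Process | Where-Object { $_.Path } |
           Select-Object -ExpandProperty Path -Unique

# Top-level directories modified inside the window, newest first
$recent = Get-ChildItem -LiteralPath $roots -Directory -ErrorAction SilentlyContinue |
          Where-Object { $_.LastWriteTime -ge $cutoff } |
          Sort-Object LastWriteTime -Descending

# For each recent directory, report every .exe at any depth
$report = foreach ($dir in $recent) {
    Get-ChildItem -LiteralPath $dir.FullName -Recurse -File -Filter *.exe `
                  -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        [pscustomobject]@{
            Directory   = $dir.Name
            DirModified = $dir.LastWriteTime
            Executable  = $_.FullName
            ExeModified = $_.LastWriteTime
            Signature   = $sig.Status          # e.g. Valid, NotSigned, HashMismatch
            Running     = $running -contains $_.FullName
        }
    }
}

# Running executables first, then most recently written
$report | Sort-Object @{ Expression = 'Running'; Descending = $true },
                      @{ Expression = 'ExeModified'; Descending = $true } |
          Format-Table -AutoSize -Wrap
```

An executable that is both running and not validly signed, sitting in a nested directory of an unrelated application, is the pattern the post describes; run the script from an elevated prompt so that process paths are visible.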