I have a client whose 2 PCs got infected.
When they go to yahoo webpage in Singapore -> Finance -> Currency Converter, there is a pop up at the bottom of the page.
Do you want to open or save OAD_Comscore_NoID2.js from secure-ds.serving-sys.com?
I went into Control Panel, Internet Add-Ons, Registry.
Malware scan also did detect it.
Any idea on how to stop this?