We had to shut down all the public PC's again this morning, for about an hour and a half. This was a new one. Rather than disguising itself as an anti-virus scanner, it prompts users to install a "browser update", (in poor English). A user asked for help with it, and as I was showing it to MK, another user got it. MK called downstairs, and it was popping up there too.
I wished I had taken a picture of it, but I found the above image online, from a June 2nd warning to users at the Chicago-Kent College of Law. There is a good account of this virus at the TrendLabs Malware Blog from June 8th, The Worm, the Rogue DHCP, and TDL4, with a handy Infection Diagram.
Apparently, it often propagates via removable Flash drives. Staff received e-mail afterward cautioning us not to put users' Flash drives into staff PC's. (Sometimes people will ask if we can print something out for them when they are in a hurry and there is a wait for a public PC.)