I was taking a look at someone's computer who had a virus. It called itself "Visa Antivirus Security 2012". It turned out to be ltd.exe. It would seemingly randomly block programs, it turns out it had infected the "open with" option for exe files. Renaming the exe then restoring the open-with references that contained ltd.exe did fix the problem.
I checked the (Firefox) browser's download logs to see if there was an exe in there. But no exes in the log except the other antivirus (Avira) that he was intentionally installed a good while ago.
This ltd.exe modify date is the date of the first boot of this computer today, being the first day of the year. Is there information on other occurrences of this ltd.exe, what its official title is, how is it distributed?
Considering what the user has installed, and that this is a careful user, somewhat computer savvy, I think the most likely cause is a recent vulnerability in Java, bringing some virus scheduled for 2012. But I would like to know.
The user will wipe the hard drive clean.