Computer experts shut down Friday a server in Russia that was infecting machines with a virus after malicious code on normally friendly Web sites had them requesting the virus.

News.com reported that while computers were still searching for the server, they weren't able to download anything from it.

Microsoft advised Internet Explorer users Thursday to tighten their secruity settings to combat a large-scale Internet attack against thousands of popular Web sites.

VIRUS PROTECTION Security: Microsoft security GENERAL PROTECTION E-mail:Cyber Alerts Download:Virus Definitions Download: Other Tools Download: Securities Update Vault REMEMBER: Don't open e-mail attachments that end in .vbs, .pif or other unfamiliar extensions. Even if the e-mail appears to come from a trusted source, it could be someone "spoofing" an address. Confirm it's from who you think it's from before you open.

Government and industry experts said the viruslike infection tries to implant hacker software onto the computers of all Web site visitors. That is, just by visiting a usually trustworthy site, your computer could be infected.

The information from Microsoft says that users can search for file names Kk32.dll or Surf.dat on their computers to see if they have been infected.

Security experts said that sites such as those for financial institutions and auction services were victims of the attack.

Industry experts and the Homeland Security Department studied the infection to determine how it spreads across Web sites to find adequate defenses against it.

The infection appears to target at least one recent version of Microsoft's Internet Information Server, IIS 5, which is popular among businesses and organizations. It also uses a hole in Internet Explorer that Microsoft has not patched.

The U.S. Computer Emergency Readiness Team said the problem adds a piece of JavaScript to the bottom of pages that accesses another server.

That server then installs a Trojan horse on visiting computers that can record online activity and give access to your computer to someone you don't know.

The Internet Storm Center said on its Web site that the attack could be a group attempting to develop a network for sending spam. The Associated Press reported that it might be aimed at stealing credit card and other valuable financial information.

US-CERT said earlier that disabling JavaScript would prevent this activity from affecting a user's system, but it could likely make some sites that use JavaScript, including WGAL.com, appear incorrectly.

Some of the problems could be with navigation controls, advertisements or the general look of the page.

WGAL.com is very unlikely to infect your computer, according to technical experts. Pages are not served through the Microsoft product.

The attack's effects are said to be unusually broad, but are not substantially interfering with Internet traffic.