Renater, our network provider, reported these requests, saderuikuntunyesdea.com being a known warezov domain:

GET http://281.saderuikuntunyesdea.com/1/2772/ - DIRECT/75.126.27.140 text/html
GET http://281.saderuikuntunyesdea.com/chr/IM/map.scr - DIRECT/75.126.27.140 text/plain
GET http://2298.saderuikuntunyesdea.com/2/4460/picture.pif - DIRECT/75.126.27.140 text/html
GET http://2298.saderuikuntunyesdea.com/chr/IM/picture.pif - DIRECT/75.126.27.140 text/plain

The lady who used the computer at this time couldn't actually remember what the messages sent to her on ICQ were, but she certainly didn't remember clicking on any of them.

I couldn't find any information linking warezov and ICQ. According to Sunbelt, warezov is a mass-mailing worm that carries an infected attachment and spreads by sending a copy of itself to every email address on the victim's computer.

Anyway, I downloaded the map.scr and picture.pif files and submitted them on virustotal.com:

Engine              Version         Updated     Result
AntiVir             7.3.0.19        12.21.2006  Worm/Stration.AH
Authentium          4.93.8          12.20.2006  W32/Warezov.gen4
Avast               4.7.892.0       12.20.2006  no virus found
AVG                 386             12.20.2006  I-Worm/Stration.BKR
BitDefender         7.2             12.21.2006  Trojan.Dropper.Stration.VD
CAT-QuickHeal       8.00            12.20.2006  I-Worm.Warezov.et
ClamAV              devel-20060426  12.21.2006  Worm.Stration.XC-8
DrWeb               4.33            12.21.2006  Win32.HLLM.Limar.based
eSafe               7.0.14.0        12.19.2006  Win32.Warezov.et
eTrust-InoculateIT  23.73.93        12.21.2006  Win32/Stration.Variant!Worm
eTrust-Vet          30.3.3267       12.21.2006  no virus found
Ewido               4.0             12.21.2006  Worm.Warezov.et
Fortinet            2.82.0.0        12.21.2006  W32/Strati.ET@mm
F-Prot              3.16f           12.20.2006  W32/Warezov.gen4
F-Prot4             4.2.1.29        12.20.2006  W32/Warezov.gen4
Ikarus              T3.1.0.27       12.21.2006  Email-Worm.Win32.Warezov.dw
Kaspersky           4.0.2.24        12.21.2006  Email-Worm.Win32.Warezov.et
McAfee              4923            12.20.2006  W32/Stration@MM
Microsoft           1.1904          12.21.2006  no virus found
NOD32v2             1932            12.20.2006  Win32/Stration.TU
Norman              5.80.02         12.20.2006  W32/Stration.CQW
Panda               9.0.0.4         12.21.2006  W32/Spamta.PL.worm
Prevx1              V2              12.21.2006  no virus found
Sophos              4.12.0          12.21.2006  W32/Strati-Gen
Sunbelt             2.2.907.0       12.18.2006  W32.Stration.DB@mm
TheHacker           6.0.3.135       12.20.2006  W32/Warezov.et
UNA                 1.83            12.20.2006  I-Worm.Warezov.et
VBA32               3.11.1          12.20.2006  MalwareScope.Worm.Warezov.1
VirusBuster         4.3.19:9        12.20.2006  Trojan.Opnis.Gen.29

It's obviously a piece of warezov. I reported it to F-Secure with my little story and they contacted me back saying the files I submitted didn't have any IM-related routines. They said the virus was probably not sent on ICQ but rather in a mail. But a few days later another user reported weird messages on ICQ and this time, she sent them to me:

check this http://7692.seruijingandeshijinpos.com/1/3030/
check this http://9842.seruijingandeshijinpos.com/1/4619/

Interesting... this time we're sure it's coming from ICQ and that it's a warezov even though seruijingandeshijinpos.com isn't a known warezov domain (yet). I reported this to my contact at F-Secure and am still waiting for an answer...
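
Added example (not part of the original post): a small Python check that flags domains missing from a blocklist when their URLs share the shape seen in the proxy log and the ICQ messages above. The shape (numeric first label, /<digits>/<digits>/ path) is an assumption inferred from the URLs quoted here, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Shape inferred from the URLs quoted in this post (an assumption, not a
# published signature): http://<digits>.<domain>/<digits>/<digits>/[file]
LURE_PATH = re.compile(r"^/\d+/\d+/[^/]*$")
RISKY_EXT = (".scr", ".pif")  # executable extensions seen in the proxy log

# Lines copied from the post: two proxy entries and the two ICQ messages.
SAMPLE = [
    "GET http://281.saderuikuntunyesdea.com/chr/IM/map.scr - DIRECT/75.126.27.140 text/plain",
    "GET http://2298.saderuikuntunyesdea.com/2/4460/picture.pif - DIRECT/75.126.27.140 text/html",
    "check this http://7692.seruijingandeshijinpos.com/1/3030/",
    "check this http://9842.seruijingandeshijinpos.com/1/4619/",
]

def split_host(url):
    """Return (first_label, parent_domain); naive split, not suffix-list aware."""
    labels = (urlsplit(url).hostname or "").split(".")
    if len(labels) < 3:
        return "", ".".join(labels)
    return labels[0], ".".join(labels[1:])

def classify(url):
    """Return the set of incident-specific traits this URL shows."""
    first, _ = split_host(url)
    path = urlsplit(url).path
    reasons = set()
    if first.isdigit():
        reasons.add("numeric-subdomain")
    if LURE_PATH.match(path):
        reasons.add("lure-path")
    if path.lower().endswith(RISKY_EXT):
        reasons.add("executable-extension")
    return reasons

def unlisted_domains(lines, known_domains):
    """Domains absent from the blocklist whose URLs match the lure shape."""
    found = set()
    for line in lines:
        for url in re.findall(r"http://\S+", line):
            _, domain = split_host(url)
            if domain not in known_domains and \
                    {"numeric-subdomain", "lure-path"} <= classify(url):
                found.add(domain)
    return sorted(found)

if __name__ == "__main__":
    print(unlisted_domains(SAMPLE, {"saderuikuntunyesdea.com"}))
```

Run over proxy logs or saved IM transcripts, this surfaces a new domain for blocking and reporting before it appears on a vendor list.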