The search has begun for the creators of the Sasser Windows worm that has wrought havoc this week.
Home users have been hit hard by Sasser
Sasser's core computer code is being analysed for clues as to who might have put the malicious program together.
The worm is said to have infected more than 1 million PCs and caused trouble for net users around the world.
Worst hit seem to be home users and small businesses though some large organisations suffered serious disruption as well.
A Microsoft spokeswoman said the FBI was taking the code apart to see if it bears any information that points to the authors of other viruses.
Finnish anti-virus firm F-Secure published an analysis of Sasser.D and the Netsky.V viruses and claimed there were parallels between the two.
This analysis may not help law enforcement agencies track down Sasser's creators as the authors of the 29 variants of Netsky remain at large.
Hundreds of thousands of PCs have been hit by Sasser
The Sasser worm first appeared on 1 May and estimates vary widely on how many Windows PCs have been infected by it.
Simon Perry, head of security strategy at Computer Associates, said most large corporates avoided the worst attentions of Sasser or quickly moved to limit damage if they were infected.
"Large companies tell us they have it under control and that it either did not hit them or if it did it was isolated," he said.
About 1.5 million people visited Microsoft's Sasser clean-up web page in the first 48 hours of its availability, the software giant said.
Website monitoring firm Netcraft said Microsoft's update site was overwhelmed by the sheer number of people visiting to download a patch.
Whatever the final numbers the worm's four variants have racked up an impressive list of victims between them.
The virus was reported to have hit up to 300,000 machines at Deutsche Post making it impossible for staff to hand over cash.
Machines at investment bank Goldman Sachs, the European Commission and British Airways and 19 regional offices of the UK Maritime and Coastguard Agency all fell victim to Sasser.
Up to 500 computers at one hospital in New Orleans were shut down for several hours and social and health services in Washington state were also hit by the worm.
Sasser struck almost exactly 4 years after the Iloveyou bug
Half of British Airway's computers at the check-in desks in Terminal Four at Heathrow Airport were put out of action leading to delays for customers on Tuesday evening.
One customer of a Perth-based branch of WestPac bank threatened to charge it reconnection fees because he was unable to get his hands on cash ear-marked to pay telephone and electricity bills.
The reports of infections fell off sharply on Wednesday suggesting that the worst of the Sasser outbreak is now over.
But some anti-virus firms cautioned against complacency.
"There is a fear that background radiation of the Sasser worm could be felt for months to come," said Graham Cluley, senior technologist at Sophos.
"The big danger is a raft of new computers that are not protected," he added.
According to Mr Cluley new computers often do not have protection for up to nine months worth of virus outbreaks.
The virus can infect PCs running Windows 2000 and XP that are not patched against the loophole it exploits or do not have a firewall to protect themselves.
According to anti-virus firms machines running Windows 95, 98 and Millennium Edition can help spread Sasser even though they cannot be infected by it.