Downloader.AQW trojan removal

Hi All,

I'm making this post for others who may have the same problem.

Recently I gained a trojan on my XP Home machine. I have several anti-virus
scanners, but AVG was the only one of my set that recognised it as a problem
(it could heal, but not remove the problem). The symptom is that a file is
created in the Windows\System32 directory named Idxxxx.tmp where xxxx is a
random character string which AVG recognised as a trojan. Further more this
file gets opened and associated with winlogon.exe and so cannot be deleted.

A bit of Googling revealed that this is a downloader trojan, McAfee
describes it of type Downloader.AQW and that a registry entry is made:

http://vil.mcafeesecurity.com/vil/content/v_137110.htm

Sure enough, there was indeed an entry in the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
\policies\explorer\run
"wininet.dll"="dfrgsrv.exe"

This had to be deleted in safe mode, otherwise it just got put right back.
Since then the problem has not returned.

Mark.

(for the benefit of search engines: Id????.tmp <random string>.tmp virus)