Make sure your system is fully patched/updated before
removal; if it is not, it will come back. Also use a firewall.
Here is a removal process.
Hit the "Ctrl-Alt-Del" keys, select Task List, then
Processes. Look for regsvs, regsvr, regsvc32, svhost,
svrhost (not regsvc or svchost which are legitimate) and
if they are there, select and end process.
Do a search on your hard drive (Start: Search: For files or
folders) for the files above. Choose All Files and Folders
and then select More Advanced Options. Make sure Search
Hidden and Search System files and folders are checked. If
the search finds any regsvs, delete them and empty the
Recycle Bin.
The virus modifies your web browser so that it can't get
out to anti-virus sites. You need to edit it. On your
computer get to: C:\WINNT\system32\drivers\etc. There will
be a hosts file there. Right click it and Open With, then
select Wordpad. There may be a long list of sites starting
with a 127 after the # lines. The first 127 line is legit
and should be: "127.0.0.1 localhost", delete everything
after that. Then save the file. You may get a warning
about it being text only, which is fine.
Then run Windows Update from the Start Menu. Install
whatever it recommends. After that process, make sure your
anti-virus defs are up to date.
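
The hosts file check described above can also be scripted. This is an added example, not part of the original post: it flags every name other than localhost that is mapped to a 127.x address and, more conservatively than the manual step, keeps comments and non-loopback entries when cleaning. The sample file contents and hostnames are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of a tampered hosts file; every hostname is a placeholder.
SAMPLE_HOSTS = """\
# Sample HOSTS file
127.0.0.1       localhost
127.0.0.1 www.antivirus-vendor.example
127.0.0.2\tupdates.antivirus-vendor.example download.av.example  # injected
10.0.0.5 fileserver.corp.example
not-an-ip broken.example
"""

LEGIT_LOOPBACK_NAMES = {"localhost"}  # assumption: only this name belongs on 127.x

def loopback_mapping(raw_line):
    """Return (ip, [names]) if the line maps names to a loopback address, else None."""
    fields = raw_line.split("#", 1)[0].split()  # drop comments, split on whitespace
    if len(fields) < 2:
        return None
    try:
        ip = ipaddress.ip_address(fields[0])
    except ValueError:
        return None  # malformed address: not a mapping we can judge
    return (str(ip), fields[1:]) if ip.is_loopback else None

def suspicious_entries(text):
    """List (line_number, ip, name) for every non-localhost name pinned to loopback."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        mapping = loopback_mapping(raw)
        if mapping:
            ip, names = mapping
            findings += [(lineno, ip, n) for n in names
                         if n.lower() not in LEGIT_LOOPBACK_NAMES]
    return findings

def cleaned_hosts(text):
    """Return the file with injected loopback names removed, other lines untouched."""
    out = []
    for raw in text.splitlines():
        mapping = loopback_mapping(raw)
        if mapping is None:
            out.append(raw)
            continue
        ip, names = mapping
        keep = [n for n in names if n.lower() in LEGIT_LOOPBACK_NAMES]
        if keep:
            out.append(ip + "\t" + " ".join(keep))
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    for lineno, ip, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {ip}")
```

Review the flagged lines before writing the cleaned text back, and keep a copy of the original hosts file.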