I may get some heat for posting this, but if you are tech savy, this approach works for me most all the time. Warning: Only try this if you are tech savy. Try at your own risk.
I've found that most all virus of this type install themselves as a DLL or EXE file on your system and can be found and dealt with rather easily. It's easy because the writers of this maleware are rather lazy and simply dump the offending program or library files into \windows\system32, and because the files will have the date/time of the infections.
So, if you know roughly when you were infected, and especially if you were JUST infected, you can do the following (at your own risk, a little technical, NOT for the faint of heart):
1) Boot your XP or Vista computer into "Safe Mode" (press F8 between the bios and the windows bootup screen).
2) Once in Safe Mode, open a command window.
3) From the command prompt execute: cd c:\windows\system32
This will change to the C:\Windows\System32
4) From the command prompt run: dir /o-d /p
This command will list the files in windows\system32, starting with the newest first, and
lists them a page at a time.
5) In the first few files of the listing look for very recently dated files, dated at the time you think you got infected, especially files with .dll extension.
6) Within the listing you are looking for a suspect file. Something with a longer than 8 character filename, or a very short, cryptic filename is typically a good contender. For example, we had the Anvir malware that also tried to sell us a virus removal tool, and that beast put the file UpdateCheck.dll in System32. If you find such a file, simply rename it's extension via the following command (change the name of the file as needed):
ren UpdateCheck.dll UpdateCheck.bak
The above step is all you need to do to essentially DISABLE suspect DLLs, or EXEs. But again, you have to know what are suspect files. Make sure to "jot down" the name of the file somewhere for reference in the step 9.
7) Once that is done, simply reboot as normal and see if that clears things up. It may take a couple of attempts at different suspect files. If something in your system STOPS running properly, repeat steps 1-3 above, and rename the .BAK file back to its original file extension and reboot.
8) If everything is back to normal, then you found the (or should I say, a) file that is causing issues and installing/running maleware. You CAN stop there, or, perform the next few step too for even further cleanup...
9) (optional and VERY dangerous if you aren't sure of what you are doing...) Run: REGEDIT (from the run command of the start menu), and once inside that app perform a search against keys, values and data, looking for the name of the file found in the previous step (e.g. UpdateCheck.dll). If you find any class items, or other items within regedit related to this file, simply DELETE those entries.
Good luck.
Tom
.
