Brian,
This seems like a brand new virus and A2K is getting thousands of hits from it because it gives a similar message as the blaster worm.
It seems like the major AVC software vendors can't remove it yet (though they should be able to soon) so right now we are in the dark and have to guess at manual means for removal.
http://www.securityfocus.com/bid/10108/solution/ That site describes a vulnerability that probably started all this for you. You should patch that.
See if the trojan dumped the files listed on this Mcafee write up:
http://vil.nai.com/vil/content/v_100930.htm
I'm also finding references to these files in searches:
76FE.tmp.exe
info.dll
update.dll
rasautou.exe
xax.exe
1B78.TMP.EXE
90E8.TMP.EXE
bg2.dll
spmdll.dll
Some report notepad.exe being overwriten so try to use notepad and if it doesn't work delete notepad.exe
If the restarts are coming too fast for you to work on anything run msconfig and from the services tab uncheck "Windows
Security Update (Manufacturer: unknown)".
I have yet to aee anyone report a solution or fix, and not having this infection makes it hard for me to guess while in the dark but this is what I'd do given the info I have:
1) I'd do the msconfig trick above.
2) I'd update my AV defnitions.
3) I'd do a windows update
4) I'd search for the files mentioned above and copy them to a disk and delete them (copying just in case they are false positives).
5) I'd run a full system scan using both your existing AV software and online ones (let me know if you need links for online ones).
Stumble It!
Tweet This
Bookmark on Delicious
Share on Facebook
Share on MySpace