To answer your question... I'm not exactly sure. I signed up for three different ones and finally got an email that gave me a direct link instead of a stupid username/password that didn't work (dumb "verification"... 1 hour my butt....)
I *think* this is it... not sure..: http://www.sophos.com/products/small...nti-virus/eval
Here's what all I've done and I think it's worked.... Keep in mind that based on other peoples' experiences... this malware can vary WIDELY. A lot of specific file names people mentioned didn't even exist on my computer. Some people can remove it with bocleaner etc... Some can't. It's a really evil one.
-Turned off system restore
-Scanned system with SOPHOS and deleted found files... it was only one and was found in the C:\\Program Files\\Common Files\\NSIS\
s35.dll <- that number will vary from 0 to 99 and will be 20kb.
-Deleted other file in the folder (the "uninstall" file)
-Searched registry for all NSIS keys and deleted all necessary keys (don't just delete them all... some keys will have words like "consis
t" in them)
-Logged out of that user and logged into another user to see if it was dead.
-NSIS had reinstalled keys and common files folder
-I then found a site that mentioned that it will make a file of a random number between 0 and 99. I made blank .dll files in notepad named ns0.dll, ns1.dll... ... ... ns99.dll then made the entire NSIS folder read only, hidden, and encrypted.
-logged out, logged back in.
-I found that one of the files was no longer 0kb... it was 20kb... it was being used by NSIS...
-Loaded hijackthis! and checked everything. Couldn't find anything suspicious... couldn't find anything I could single out in the running tasks in taskmanager....
I then read more junk online and saw that some people had actually found an entry in the Add/Remove programs. I checked and found nothing. So, I went to the folder where the uninstall file was (in the ...Common Files\\NSIS folder)
I then double-clicked the uninstall icon, but cancelled
when it asked if I was sure (becuase I figured actually using their uninstaller might be asking for more trouble). All of a sudden windows created an add/remove entry. I used add/remove and BLAMMO... No more registry entries... no more common files folder.
Thanks windows XP... I don't know what the crap you did, but it seems to have worked.
In other words, I think I've finally vanquished this foul beast. Hope some of this helps you! I can really notice speed improvements
PWNED! (Those errors are not bad. They're just encrypted files)