Del C:

format c: might be more useful

Let's see...

1. Ctrl-Alt-Del, and close all programs from the list except explorer.

2. Locate regedit.exe (or regedt32.exe), and rename it to whatever it was + ".com" (not entirely sure if that's completely necessary, but that'll prevent the virus from running when you start up this registry editor in a moment)...

3. Run this regedit. Browse to HKEY_CLASSES_ROOT\.exe and look at what the (Default) value says. Then go to HKEY_CLASSES_ROOT\(the value you just found)\shell\open\command
That likely has weird stuff in it. Change the default value to . That restores the normal working of executing .exe files.

4. Exit and restore the regedit file to its former name.

5. Run your virusscanner (it should work now). If that can locate and destroy all traces of the virus, you're done, otherwise continue... In any case, the next step is wise to verify.

6. Start up msconfig.exe and untick any suspicious items mentioned in the startup tab.

7. Restart the computer in DOS mode and remove (or rename, just in case you remove the wrong files, or the virus overwrote a good file... Files can't just execute themselves so that should be OK) the evil file(s).

8. type in "win" to start windows again.

It *should* now be removed, although probably not entirely and properly (since I'm not familiar with this virus in particular). Run your virusscanner to remove anything remaining (preferably also in DOS mode) and search their website a bit to find more info on this.

Bollocks, indeed.

The Task Manager screen appears and then vanishes. This is probably the doing of WinServices.exe.

Dunno how to find the Default value, but the window on the right hand side says (when I click on HKEY_CLASSES_ROOT on Local Machine\.exe):

Don't know how to find shell\open\command

download an unknown anti virus software.

AVG 6.0 is a great anti-virus, annd you can get it on the company's webpage for free.

Try this Symantec link.

It should give you details for removal.

Remind me not to download from Zulu

I actually found that, there's just one problem. When navigating in regedit to HKEY_LOCAL_MACHINE\Software\Classes\exefile there is no DefaultIcon, no Shell, no Command. All I get by expanding .exe is PersistantHandler.

No mr besserwisser, I was thinking more in the line of burning the disk in the backyard at midnight...

You said this earlier: This was that default value I was talking about... Was the space between exe and file a typo? If not, look under "exe file" instead.

Go to HKEY_CLASSES_ROOT\exefile\shell\open\command (with or without the space between exe and file, whichever value it is in that unnamed key)

(HKEY_CLASSES_ROOT, by the way is just a "shortcut" to HKEY_LOCAL_MACHINE\Software\Classes\)

If those shell\... etc. values aren't there as you described, create them (right-click on the folder you want the new folder to become a child of).

For DefaultIcon the unnamed key should have value %1.
shell should have a subfolder open and that should have the subfolder command. The unnamed key of command should be "%1" %*.

What do the contents of this "PersistantHandler" say? If the contents refer to the virus file, delete the key.

That's almost as dumb as me accidently downloading Xupiter from Apolyton advertisement.

Just to let everyone know, I fixed the problem.

Azazel, I installed AVG6. Then when I rebooted I couldn't open any .exe file, probably because the virus was using the to piggyback it's way into operation and the antivirus software was preventing that. Unfortunately, that meant AVG6 couldn't run either! I only managed to get Windows Explorer to run by using the command line. However, I was able to use AVG to scan for viruses by Start > Search > Viruses (a new feature put in by AVG6) which then 'healed' the viruses. I then applied a registry fix I found on the net and now everything is back to normal

So, thanks for your help everybody

cool

(I've just noticed this addition in the 'Find' tree myself. good instincts, Zulu )