Be on the lookup gents, there is a new variant of the Antivirus XP malware trojan out in the wild and I've seen it take down 4 systems here on campus this week. (One I had just freshly reformated too...was not pleased)

Infects a lot of stuff like usual, but if you get at it using a combination of Autoruns (from Sysinternals) and Unlocker 1.8.7, you should be able to track down the files and startup entries. Of particular note is the Winlogon entries which I am having a particularly hard time tracking down.

If you have any trouble with this bug, feel free to shoot me an email