Here is Symantec's description of W32.trats: http://www.symantec.com/security_response/writeup.jsp
Although you seem to be having more trouble than that suggests. It infects your startup programs and sends your info to a remote web server.
One of the files looks like it has infected your System Restore folder. Norton will not be able to remove that, as Windows blocks all access to the System Volume Information folder where System Restore is hidden.
To clear system restore:
Right click My Computer and open Properties, then go to the System Restore tab and check "Turn off System Restore on all drives". This will clear the System Restore folder on shutdown. After rebooting, turn it back on again.
Then start your computer in safe mode and launch NAV there. Run a full system scan and remove the malware it finds.
NAV will not be able to remove two registry keys that are generated by the virus. BACKUP YOUR REGISTRY; to do this go to Start -> Run: regedit.exe. Once open, click File -> Export... and save the file in a safe place (make sure that under what to export you have "All" selected and not current branch). Then navigate to and delete:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\"load" = "[RANDOM CHARACTERS].exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\"Notification Packages" = "scecli [RANDOM CHARACTERS].dll"
Double click to edit and remove the [RANDOM CHARACTERS].dll and leave scecli in the box and close.
In some instances you cannot open the registry editor due to the virus; if that is the case then go to this page and download the tool and run it. This will fix the problem of opening the registry editor.
Hope this helps!
Edited by Tomo2, 22 January 2008 - 05:01 PM.
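An added example, not part of the original post: a Python sketch that reads the text of the registry backup exported in the step above and lists what sits in the two values the post names. The function names and the sample data (`ab12.exe`, `ab12.dll`) are constructed, and treating `scecli` as the only expected Notification Packages entry is an assumption taken from the post.

```python
import re
# The two locations named in the post above, lower-cased for matching.
LOAD_KEY = r"hkey_current_user\software\microsoft\windows nt\currentversion\windows"
LSA_KEY = r"hkey_local_machine\system\currentcontrolset\control\lsa"

def parse_reg(text):
    """Parse regedit export text into {key: {value name: str or list of str}}."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join hex continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if current is None or not m:
            continue
        name, raw = m.group(1).lower(), m.group(2)
        if raw.startswith('"'):  # REG_SZ: quoted, backslash-escaped string
            current[name] = re.sub(r"\\(.)", r"\1", raw[1:-1])
        elif raw.startswith("hex(7):"):  # REG_MULTI_SZ: UTF-16LE, NUL-separated
            data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
            current[name] = [s for s in data.decode("utf-16-le").split("\0") if s]
    return keys

def audit(text):
    """Return (location, value) pairs that match what the post says to clean up."""
    keys, findings = parse_reg(text), []
    load = keys.get(LOAD_KEY, {}).get("load", "")
    if load.strip():
        findings.append(("load", load))
    # Assumption taken from the post: scecli is the only entry that should remain.
    for pkg in keys.get(LSA_KEY, {}).get("notification packages", []):
        if pkg.lower() != "scecli":
            findings.append(("Notification Packages", pkg))
    return findings

# Constructed sample export; ab12.exe and ab12.dll are made-up names.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"load"="ab12.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,61,\
  00,62,00,31,00,32,00,2e,00,64,00,6c,00,6c,00,00,00,00,00
'''

print(audit(SAMPLE))
```

Exports saved in the "Windows Registry Editor Version 5.00" format are UTF-16 files, so read a real backup with `open(path, encoding="utf-16")` before passing its text to `audit`.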