I went to the msconfig and checked the reboot tab (I don't know how it's called in the English version), there I found these suspicious .exe files: kav32, snapple, winregs326a and systemreg. A search on google told me it was a variant on the Win32.RBot worm (everything but the snapple I believe).
I ran an online scan with something called eTrust, but I forgot how I found it. It discovered three variants: Win32.RBot.CC2, Win32.RBot.BVE and Win32.RBot.CFV. It was unable to delete or cure them. They were in the TFTP file in my system32 folder. I also forgot to write down which ones, and there appear to be a lot of TFTP files there.
Is there any removal tool? I'm practically a geek and if I have to mess around with registry keys/files whatever, I'll need a very good step-by-step guide...
I'm going to post this on HijackThis.
Edited by kikkertje, 11 May 2005 - 07:42 AM.