If it helps, my computer repair shop just got this bug in. I am manually removing it right now. This is what I discovered about this strain:
An 8-char name can be found on Vista/7/8 under:
Load points at:
To run the 8-char .exe from the infected user's My Documents folder.
Also located the re-infect mechanism at:
HKEY_Users\S-long string but not the Class one\Software\Microsoft\Command Processor
After removing these files and registry entries, the system starts up without an Explorer shell but does spawn a command prompt, so you can simply type "explorer". Obviously this is not completely fixed.
Still trying to track down how to stop the command prompt from spawning instead of an Explorer shell.
Edited by bloopie, 19 May 2013 - 05:28 PM.
Moved from Logs forum to AV Protection area. ~bloopie
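As an added example (my own script, not part of the post above or any vendor tool), here is a read-only PowerShell audit that covers the load points the post names: the Command Processor key in every loaded user hive (the SID subkeys under HKEY_USERS, skipping the _Classes ones), its machine-wide equivalent, and any 8-character .exe sitting in a user's Documents folder. It also prints the Winlogon Shell values; that the replaced shell lives there is my assumption about where to look next, not something the post establishes. It only prints findings and deletes nothing.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
# Read-only: lists suspicious values and files; it does not modify or delete anything.

# The AutoRun value under Command Processor is executed every time cmd.exe starts,
# which matches the re-infect mechanism described in the post.
# HKU: is not a drive by default, so go through the Registry:: provider path.
$userHives = Get-ChildItem -Path 'Registry::HKEY_USERS' |
    Where-Object { $_.PSChildName -match '^S-1-5-21-' -and $_.PSChildName -notlike '*_Classes' }

foreach ($hive in $userHives) {
    $sid = $hive.PSChildName

    # Per-user Command Processor AutoRun (the key named in the post)
    $cpKey = "Registry::HKEY_USERS\$sid\Software\Microsoft\Command Processor"
    if (Test-Path -Path $cpKey) {
        $cp = Get-ItemProperty -Path $cpKey
        if ($cp.AutoRun) {
            Write-Output "[$sid] Command Processor AutoRun = $($cp.AutoRun)"
        }
    }

    # Per-user Winlogon Shell override. ASSUMPTION: a replaced shell here is a
    # plausible reason cmd.exe starts instead of explorer.exe; normally this value is absent.
    $wlKey = "Registry::HKEY_USERS\$sid\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
    if (Test-Path -Path $wlKey) {
        $shell = (Get-ItemProperty -Path $wlKey).Shell
        if ($shell) {
            Write-Output "[$sid] per-user Winlogon Shell = $shell"
        }
    }
}

# Machine-wide equivalents: an AutoRun here fires for every user's cmd.exe,
# and the HKLM Shell value is what Winlogon uses when no per-user override exists.
$hklmCp = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Command Processor' -ErrorAction SilentlyContinue
if ($hklmCp.AutoRun) {
    Write-Output "[HKLM] Command Processor AutoRun = $($hklmCp.AutoRun)"
}
$hklmWl = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -ErrorAction SilentlyContinue
Write-Output "[HKLM] Winlogon Shell = $($hklmWl.Shell)   (expected: explorer.exe)"

# Dropped payload: the post describes an 8-character .exe in the user's My Documents folder.
Get-ChildItem -Path "$env:SystemDrive\Users\*\Documents\*.exe" -File -ErrorAction SilentlyContinue |
    Where-Object { $_.BaseName.Length -eq 8 } |
    ForEach-Object { Write-Output "8-char exe in profile: $($_.FullName)" }
```

Anything this prints is a candidate, not a verdict: check the listed AutoRun command and file against known-good software before removing it, and note that the script only sees hives that are currently loaded, so log the other accounts on or load their NTUSER.DAT with reg load to cover them.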