First, see if a boot scan will remove the virus, if not, try this (from
http://www.sophos.com/security/analyses/trojconhookb.html):
Windows XP/2003
You will first need to prevent use of the following registry entry, if it is present. Please read the warning about editing the registry.
At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.
Before you edit the registry, you should make a backup. Select 'My Computer'. On the 'File' menu, click 'Export'. Save your registry as Backup.
Select HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Right-click '<Trojan_entry>'
Select 'Permissions'
In the 'Permissions for...' dialog, click 'Advanced'
In the 'Advanced Security Settings for...' dialog, deselect 'Inherit from parent the permission entries that apply to child objects.'
In the Security dialog, click 'Remove'
Click 'OK'
Click 'Yes' to deny everyone access to the key
Click 'OK'
Close the registry editor.
Follow the Safe Mode with Command Prompt instructions for removing Trojans. \
Re-open the registry editor to delete the Trojan registry entries.
At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.
Select HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Right-click '<Trojan_entry>'
Select 'Permissions'
In the 'Permissions for...' dialog, click 'Advanced'
In the 'Advanced Security Settings for...' dialog, select 'Inherit from parent the permission entries that apply to child objects.'
Click 'OK' twice
Right-click '<Trojan_entry>'
Select 'Delete'
Click 'Yes' to delete the key
Close the registry editor.
