Troj/Optix-Kill

Please read the instructions for removing Trojans.

Check for the files winstart.bat and winfile.dta in C:\windows and delete them if they exist.

Windows NT/2000/XP

In Windows NT/2000/XP you will also need to delete the following registry key. The removal of this key is optional in Windows 95/98/Me.

At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.

Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.

Locate the HKEY_LOCAL_MACHINE key:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

and delete any references to any file you deleted.

Close the registry editor and reboot your computer.

Troj/Optix-Kill copies itself to C:\windows\spool64.exe and C:\windows\winfile.dta.

It adds a registry key in

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

to ensure it is run on system startup.

It also creates the file C:\windows\winstart.bat with instructions to copy winfile.dta to spool64.exe to further its chances of remaining on the system.

While running it will perodically close any anti-virus product, personal firewall or system utility it knows about.