Hi

Disabling the Rogue "Virus.Protector" and removing the registry entries is reasonably simple, But searching and removing the files in these locations is quite time consuming

c:\WINDOWS\<random>.exe
c:\WINDOWS\<random>.dll
c:\WINDOWS\system32\<random>.exe
c:\WINDOWS\system32\<random>.dll
c:\WINDOWS\system32\drivers\<random>.exe
c:\WINDOWS\system32\drivers\<random>.dll

The files can have a few file info data, including legit company names like Microsoft Corp. and dates.

I'm slowly collecting the files, still some to get, 129mb, 939 files so far

Quads