How to remove Trojan Powelik Manually

WORK AROUND:

Ok, this worked for me. Before trying this fix I recommend you turn off your internet access\wifi to slow it down.

This Trojan runs a line of javascript from the registry key. If you remove this key it will only recreate it. I have a work around, since I cannot locate the program that is recreating this. I located the key by running the latest version of Rogue Killer. It then showed me the path of the registry. I did not delete this through RogueKiller since it will only recreate itself...

The path of the offending virus registry on my computer was:

HKEY_USERS\S-1-5-21-3307227288-2313220994-4118584292-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32

With this you need to move quickly on this part:

1) Delete\edit the two registries. (a) and (default-which will stay but show no value).

2) Then quickly move to this folder (parent of local32):

{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}

Right Click file to change\edit permissions.

Uncheck inherit permissions box. (May be under advanced button), then remove all users except yourself, give yourself ONLY read and DELETE permissions (you can always add yourself back later). This MUST be done BEFORE the virus recreates the registry. SO be ready for this. Maybe even practice. Reboot. Log in. Go to Task Man and monitor CPUS. if goes up to 100, repeat this because you did not move fast enough in deleting and changing permissions.

-Megan