Is this a sasser variant?

Can you tell me what virus this is? I have a virus on an old (but important) win2000sp4 computer that seems to act like a sasser: After startup, a small fake password box appears on the desktop with a 10 second system shutdown countdown. If it is clicked on, it puts a timer in the upper left desktop corner, which counts down about another 50 seconds then shuts down the computer, and seems to use a fake "it is now safe to turn off your computer " screen.

Malwarebytes in safe mode or normal (the one time I somehow stopped the shutdown) mode finds nothing. Using "shutdown -a" does not stop the shutdown or just crashes the shutdown.exe program, then it shuts down anyway.

The one google reference I found sounds exactly like this: http://www.techspot.com/vb/topic34623.html , but that was from 2004 and it is hard to believe malwarebytes can't find a virus from 2004.

I am working through your required Run and removal processes, but from safe mode it will likely take me the rest of the day, and I am wondering should I even try to install Spybot search and destroy while in safe mode as it will not be able to update, and if the malwarebytes will cause interference?

Thanks.

 

After much work getting Avast to load in safe mode (it removed several pups but the timer still kept appearing), I used taskmanager to shut off a process ParentalLockGuard.exe and this stopped the shutdowns. Parental Lock guard is a lousy internet safety freeware that was recommended by Cnet.com that I tried for a few minutes then uninstalled about 4 years ago, but apparently it did not fully uninstall. What caused it to reactivate its timer I don't know; perhaps someone is now using it as malware.

I searched for the ParentalLockGuard.exe, deleted it, and since have not had any problems.

Thank you for your help.