|First download and apply the patch against this vulnerability available. The patch is available from Microsofts website at:|
If this patch is not downloaded and applied before disinfecting an infected machine, the computer will in all likelyhood again become infected almost immediatly.
After the patch has been downloaded and applied, find a process called 'penis32.exe' using the task manager, and terminate that process.
Then run F-Prot Antivirus, latest version, with the latest virus signature files available.
F-Prot Antivirus will find all files containing W32/Msblast.C and delete them, if set to delete suspicious files.
The last step is to delete this registry value:
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows auto update'
from the registry using the 'regedit' program in Windows.