Hi mrkefly & Raman,
First upload to virustotal to establish what virus we have at hand.
In the case of zhelatin go here:
http://www.pspl.com/virus_info/worms/zhelatinch.htmIf it is not the zhelatin worm but rather Amara-virus , then below are the manual removal instructions for this Amara malware:
MANUAL REMOVAL INSTRUCTIONS
Terminating the Malware Program
This procedure terminates the running malware process from memory.
1. Open Windows Task Manager.
On Windows 9x/ME systems, press
CTRL+ALT+DELETE
On Windows NT/2000/XP systems, press
CTRL+SHIFT+ESC, and click the Processes tab.
2. In the list of running programs*, locate the process:
Svchost.exe
3. Select the malware process, then press either the End Task or the End Process button, depending on the version of Windows on your system.
4. To check if the malware process has been terminated, close Task Manager, and then open it again.
5. Close Task Manager.
*NOTE: On systems running Windows 9x/ME, Windows Task Manager may not show certain processes. You may use a third party process viewer to terminate the malware process. Otherwise, continue with the next procedure, noting additional instructions.
Removing Autostart Entries from System Files
A malware may modify system files so that it automatically executes at every Windows startup. These startup entries must be removed before the system can be restarted safely.
1. Open System Configuration Editor. To do this, click Start>Run, type SYSEDIT, then press Enter.
2. In System Configuration Editor, select the WIN.INI window.
3. Under the [windows] section, locate the line that begins with:
run =
4. From the same lines, delete the malware path and filename:
C:\%Windir%\svchost.exe
*where %Windows% is the Windows directory, which is usually C:\Windows or C:\WINNT.
5. Close System Configuration Editor and click Yes when prompted to save.
NOTE: If you were not able to terminate the malware process from memory as described in the previous procedure, restart your system.
polonus