Dupator:
- Copies the Kernel32.dll file from the \Windows folder to the \System folder.
- The virus appends itself to the Kernel32.dll file in the Windows folder and points the exported function call, GetFileAttributesA, to the viral code.
- Once you have restarted the computer, the virus uses the infected Kernel32.dll to infect the Windows PE files and .exe files
Boottimescan should take care of it. Depending on how far the infection is spread, you may have to do a repair of the OS after cleaning and perhaps reinstall some applications.