Author Topic: How do I remove Win32:Trojano-2365 [Trj]  (Read 2620 times)

ProSecurity

  • Guest
How do I remove Win32:Trojano-2365 [Trj]
« on: February 12, 2006, 09:26:39 AM »
Hey guys, I need your help. I've Win XP Home, Avast 4. I update the virus DB regularly. For the last 3 days a trojan horse has been galloping on my system - Win32:Trojano-2365. I've installed Win XP SP2 but am not able to activate the Windows firewall, and when I switch users in XP it prompts for a "CODE" which I don't know. I don't have any login-specific password! Please help me remove the Trojan. The file that is affected is:
C:\WINDOWS\system32\remon.sys

Please HELP!  ???

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: How do I remove Win32:Trojano-2365 [Trj]
« Reply #1 on: February 12, 2006, 10:10:14 AM »
Hi ProSecurity,

You have a rootkit infection. Try the Sophos removal tool or the instructions from Trend Micro:

http://www.sophos.com/support/disinfection/tilebotw.html

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_ROOTKIT.S&VSect=Sn

If you installed SP2 after being infected, you should uninstall it, ensure you are thoroughly clean, then reinstall it.

You should run scans with Ad-Aware, Spybot Search & Destroy and Ewido anti-malware scanner as well as avast! before reinstalling.

Good luck!
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89118
  • No support PMs thanks
Re: How do I remove Win32:Trojano-2365 [Trj]
« Reply #2 on: February 12, 2006, 04:10:28 PM »
Prevention is the best means of defence; rootkits are nasty and very difficult to get rid of. If you can prevent it getting established in the first place, it is likely to be easier to get rid of.

Many viruses/malware try to install themselves in the system folders; in XP you need permission to do that. However, if you are logged on to an account with administrator privileges, they can inherit your privileges.

Once you have drained the swamp, you might want to check out the DropMyRights link in my signature.

Check the links in this thread http://forum.avast.com/index.php?topic=16982.0
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security