Author Topic: "Wink1.3" Keylogger, help!  (Read 2949 times)

Frozen956

  • Guest
"Wink1.3" Keylogger, help!
« on: December 03, 2006, 01:27:00 PM »
Hi everyone,

I got infected with this program at a LAN. It's called Wink, and it now shares all my drives over the network and allows anyone to edit them (including system files). I can't unshare them because the program or registry entries just keep sharing the entire drives back again.
http://img145.imageshack.us/img145/5780/untitledxk4.jpg

When I right-click on my drives and go to the share tab, I notice the share name is: c_winked$

I then searched for this on Google and came to this page:
http://www.geocities.com/xeus_man/wink.htm
EDIT: What it says on this site:
"Wink is a powerful and silent keylogger. In the current version, once run, it installs and hides itself in the system and starts to log every key typed by the user. It then shares the system folder where it saves the key log and in version 1.2 and later it also shares all the system drives on LAN/WLAN."


Another result from Google was this page:
http://www.siteadvisor.com/sites/handyarchive.com/downloads/862783/

which was info on Wink 1.2 and what it does, but unfortunately I tried those steps and the exe isn't the same. (I'm infected with Wink 1.3)

I would greatly appreciate it if anyone could give me tips on how to remove this thing, thanks a lot.

PS: Avast didn't detect any malicious files in /system32

« Last Edit: December 03, 2006, 01:55:15 PM by Frozen956 »
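
Added example, not part of the original posts: a PowerShell check for the symptom described above, a disk share such as `c_winked$` that publishes an entire drive root under a non-default name. `Find-DriveRootShare` is a hypothetical helper name and the sample share list is constructed; on a live machine, pass it the output of `Get-CimInstance Win32_Share`.

```powershell
# Hypothetical helper (not from the thread): report disk shares that publish a
# whole drive root under a name other than the default administrative share.
function Find-DriveRootShare {
    param(
        # Objects with Name, Path and Type properties, as returned by Win32_Share
        [Parameter(Mandatory = $true)] [object[]] $Share
    )
    foreach ($s in $Share) {
        # Win32_Share.Type: 0 = disk share, 2147483648 = administrative disk share
        if (@(0, 2147483648) -notcontains [int64]$s.Type) { continue }
        # Only shares whose path is a bare drive root ("C:" or "C:\")
        if ($s.Path -notmatch '^[A-Za-z]:\\?$') { continue }
        # Skip the Windows default for that drive (C$ for C:\)
        $isDefault = ($s.Name -match '^[A-Za-z]\$$') -and
                     ($s.Name.Substring(0, 1) -eq $s.Path.Substring(0, 1))
        if ($isDefault) { continue }
        [pscustomobject]@{
            Name   = $s.Name
            Path   = $s.Path
            Hidden = $s.Name.EndsWith('$')   # trailing $ hides it from network browsing
        }
    }
}

# Constructed sample standing in for the share list of an affected machine
$sample = @(
    [pscustomobject]@{ Name = 'C$';        Path = 'C:\';        Type = 2147483648 }
    [pscustomobject]@{ Name = 'ADMIN$';    Path = 'C:\WINDOWS'; Type = 2147483648 }
    [pscustomobject]@{ Name = 'IPC$';      Path = '';           Type = 2147483651 }
    [pscustomobject]@{ Name = 'c_winked$'; Path = 'C:\';        Type = 0 }
)
Find-DriveRootShare -Share $sample

# Against the local machine:
# Find-DriveRootShare -Share (Get-CimInstance Win32_Share)
```

A flagged share that reappears after being deleted, as the first post reports, means whatever recreates it is still running or still registered to start.
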

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67194
Re: "Wink1.3" Keylogger, help!
« Reply #1 on: December 03, 2006, 01:30:59 PM »
I suggest:

1) Disable System Restore on Windows XP: http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;310405
2) Clean your temporary files.
3) Use online scanners for a full computer scan: Kaspersky (the best!), Trend Micro HouseCall and/or Ewido
4) It will be good if you download, install, update and run other trojan remover tools: a-squared, Free AVG Antispyware, SUPERAntiSpyware and Spyware Terminator.
5) Maybe you can google to find out whether there is any specific removal tool for this nasty  :P
The best things in life are free.

Frozen956

  • Guest
Re: "Wink1.3" Keylogger, help!
« Reply #2 on: December 03, 2006, 01:42:25 PM »
OK, thanks a lot for the tips.

I'll be sure to try them out  :)

Can I ask why you would disable system restore?

Offline Lisandro

Re: "Wink1.3" Keylogger, help!
« Reply #3 on: December 03, 2006, 02:26:23 PM »
"Can I ask why you would disable system restore?"
Sure you can ask  ;)
If you find a virus keeps coming back after you delete it, it has most probably infected the System Restore folder. The best way to solve this is to disable System Restore, reboot your machine and then enable it again. After that, run a full avast! scan. System Restore cannot be disabled on Windows 9x and it's not available in Windows 2k. Windows attempts to protect files that are deleted from the system folders (just in case it was an accident), so they can be restored if required. The problem is that many malware writers are wise to that and put their files in the system folders; this is also done to confuse you into thinking you could be deleting an important system file.