来自http://www.joyiex.com/的病毒？？！！

请帮帮忙，在一次msn messenger 聊天当中对方出现连去http://www.joyiex.com/的连接，去了后就中招了，当我和朋友聊天时也会自动出现要求朋友去探访这个网页的欺骗信息，Task Manager也被disabled了，到底这是什么病毒阿？怎么消除呢？

(/(^o^)\)

请查阅旧贴，有人中过。。

毕

alpha

http://chinese.cari.com.my/myfor ... ge=1&highlight=

alpha

http://virusscan.jotti.org

File:         520.exe.txt        
Status:         INFECTED/MALWARE
MD5         db0dfa99c6d12f357362e5330dfd2485        
Packers detected:         FSG
Scanner results
AntiVir         Found nothing
ArcaVir         Found nothing
Avast         Found nothing
AVG Antivirus         Found nothing
BitDefender         Found nothing
ClamAV         Found nothing
Dr.Web         Found Trojan.DownLoader.4319
F-Prot Antivirus         Found unknown virus (probable variant)
Fortinet         Found nothing
Kaspersky Anti-Virus         Found IM-Worm.Win32.Lewor.s
NOD32         Found a variant of Win32/Lewor
Norman Virus Control         Found Sandbox: W32/Malware; [ General information ]

* File might be compressed.
* **Locates window "TM [class HK]" on desktop.
* **Locates window "joyiex [class ddqxyz]" on desktop.
* **Locates window "win9x [class soft]" on desktop.
* Creating several executable files on hard-drive.
* **Locates window "NULL [class #32770]" on desktop.
* **Locates window "NULL [class RichEdit20A]" on desktop.
* **Locates window "NULL [class AfxWnd42]" on desktop.
* **Locates window "NULL [class RICHEDIT]" on desktop.
* **Locates window "·¢ËÍ(&S) [class Button]" on desktop.
* **Locates window "ËÍѶϢ(&S) [class Button]" on desktop.
* **Locates window "panel1 [class tpanel]" on desktop.
* **Locates window "mainpanel [class tpanel]" on desktop.
* **Locates window "NULL [class tpanel]" on desktop.
* **Locates window "NULL [class tucpanel]" on desktop.
* **Locates window "·¢ËÍ(&S) [class tucbutton]" on desktop.
* **Locates window "editpanel [class tpanel]" on desktop.
* **Locates window "NULL [class trichedit2]" on desktop.
* **Locates window "NULL [class cuteedit]" on desktop.
* **Locates window "NULL [class DirectUIHWND]" on desktop.
* **Locates window "NULL [class richedit20w]" on desktop.
* **Locates window "NULL [class AfxOleControl42]" on desktop.
* **Locates window "NULL [class NULL]" on desktop.
* **Locates window "Windows ÈÎÎñ¹ÜÀíÆ÷ [class ThunderRT6FormDC]" on desktop.
* **Locates window "NULL [class TKillqqvir]" on desktop.

[ Changes to filesystem ]
* Creates file C:\WINDOWS\OSRSS.exe.
* Creates file C:\WINDOWS\SYSTEM\he1p.exe.
* Creates file C:\WINDOWS\SYSTEM\she11.dll.

[ Changes to registry ]
* Creates value "ctfnom.exe"="C:\WINDOWS\OSRSS.exe" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run".
* Creates key "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system".

UNA         Found nothing
VBA32         Found nothing