This malware is distributed by trojan downloaders; it downloads and runs many other malware components. This brief description is only about the component Trojan.Renos.I.
It displays a red cross in the bottom-right corner. When you move your mouse there, the message "Your computer is infected" appears. It copies itself to \Winstall.exe and creates this Registry entry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\winstall = C:\Winstall.exe.
Disinfection:
1/ Stop the process winstall.exe. If the machine has not been rebooted since the virus was installed, you have to stop the process that has a name similar to the file you got the virus from, generally tool2.exe.
2/ Open a command line.
3/ Stop the process Explorer.exe. The background and the Start menu disappear.
4/ Start explorer.exe. Now the background and the Start menu are visible again.
5/ Remove the infected file and its Registry entry.
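
The disinfection steps above as a PowerShell function (an added example, not part of the original description). The function name Remove-RenosI and its parameters are hypothetical; it assumes the system drive is C: and that it is run in the session of the affected user, since the Run value lives under HKEY_CURRENT_USER.

```powershell
# Added example. Assumes the system drive is C:, as in the Run value on the page.
function Remove-RenosI {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$FilePath = 'C:\Winstall.exe',
        # Name of the original dropper process; "generally tool2.exe" per the page.
        [string]$DropperName = 'tool2'
    )
    $runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $valueName = 'winstall'

    # Step 1: stop winstall.exe and, if still running, the dropper process.
    foreach ($name in @('winstall', $DropperName)) {
        Get-Process -Name $name -ErrorAction SilentlyContinue | ForEach-Object {
            if ($PSCmdlet.ShouldProcess("$($_.Name) (PID $($_.Id))", 'Stop process')) {
                Stop-Process -Id $_.Id -Force
            }
        }
    }

    # Steps 3-4: stop Explorer.exe, then start it again if Windows has not
    # already relaunched the shell on its own.
    if ($PSCmdlet.ShouldProcess('explorer.exe', 'Restart shell')) {
        Stop-Process -Name explorer -Force -ErrorAction SilentlyContinue
        Start-Sleep -Seconds 3
        if (-not (Get-Process -Name explorer -ErrorAction SilentlyContinue)) {
            Start-Process -FilePath explorer.exe
        }
    }

    # Step 5: remove the Run value, but only if it still points at the dropped file.
    $entry = Get-ItemProperty -Path $runKey -Name $valueName -ErrorAction SilentlyContinue
    if ($entry) {
        $leaf = Split-Path -Path $FilePath -Leaf
        if ($entry.$valueName -like "*$leaf*") {
            Remove-ItemProperty -Path $runKey -Name $valueName
        } else {
            Write-Warning "Run value '$valueName' points at '$($entry.$valueName)'; left in place."
        }
    }

    # Step 5 (continued): delete the file; -Force also covers hidden/read-only files.
    if (Test-Path -LiteralPath $FilePath) {
        Remove-Item -LiteralPath $FilePath -Force
    }
}

Remove-RenosI -WhatIf   # preview only; rerun without -WhatIf to apply
```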