This trojan horse has raised it's head again. New variant reported/added to definitions by AVG June 22/23, 2007.

Note that this was not detected by Symantec Corporate edition with latest updates. Was detected, but not cured by AVG. AVG also deleted sfc.dll in my Windoze/System32 directory.

After many hours of searching the web and hair pulling, here's the best removal I was able to come up with.

If you look at http://www.symantec.com/security_response/writeup.jsp?docid=2007-052710-0541-99&tabid=2
you will get the removal hints for a prior variant. Good start to getting your registry cleaned up. In addition, look at your windoze folder (probably WinNT under W2K). You will see a hidden, system file called srvrmgr.exe with a June 2007 date. This be the malware in question. Rename it. It also appends itself to the registry entry HKEY_LOCAL_MACHINE/Software/Microsoft/Windows NT/WinLogin Shell (should just read explorer.exe). AVG did clean up the rest of the problems, but until this guy gets blown away, this trojan will reinstall itself.