my friends notebook was infected with the virus IM-Worm.Win32.Sohanad.t . Kaspersky antivirus has managed to remove the virus. Also from the registry i have removed all the SVICHOSSST.exe entry from the registry , but now his winxp folder option has been modified(see attached image).When i duble click a folder , it opens the search window or when i double click at mapped drive .. it askes me which application i want to open the mapped drive with. how can i solve this problem? it would be helpfull if you could point me to the right resources to troubleshoot this matter.thankyou.

delete the subkeys of this key in the registry and reboot: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2

this should take care of the autorun problem

have you restored task manager, run, folder options & command prompt, that worm should also disable those

yes , i have tried to delete the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 and it works , but if i create the mapped drive again , the entry will be there again. thats why i need to find the source and delete them. yes i have enable the registry , run , command prompt and folder option. is there any other way to solve this?

can you post a hijackthis log to see if it isn't something else causing this?

download hjt: http://www.merijn.org/files/HiJackThis_v2.exe
save it somewhere and run it, press scan, press save log and copy & paste the log here.

Thankyou very much!
Cam on ban nhieu nha