There is a new virus out at the moment that is more difficult to remove than most. Symptoms are two services:

O23 - Service: Windows Genuine Advantage Validation (wgav) - Unknown owner - C:\WINDOWS\system32\wgav.exe
O23 - Service: Windows TCP/IP Socket Driver (winsck) - Unknown owner - C:\WINDOWS\winsock\csrss.exe

These two services work in tandem, and winsock\csrss.exe is set to launch at startup through the "userinit" and "shell" registry keys, from where it can recreate the services and entries. I have updated AIMFix to attempt to remove these services and the associated files/entries as completely as possible. Hopefully this will be successful. If it is not, then I will have no choice but to work on something lower level, such as a direct kernel module that will have permission to remove these items.

For now I will be crossing my fingers and hoping that the existing update is enough to resolve the problem, since writing a kernel driver is going to be a much more complicated and time-consuming undertaking.

-Jay
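
The symptoms described above can be checked for in a saved HijackThis-style log. The following is an added example, not part of the original post and not AIMFix code. Assumptions: the F2 lines and the "exagent" service in the sample are constructed, the "userinit" and "shell" keys are taken to be the Winlogon values that HijackThis reports as F2 entries, and the list of system process names is illustrative.

```python
import ntpath
import re

# Constructed sample log: the wgav and winsck lines are quoted from the post,
# the F2 lines and the "exagent" service are made up for illustration.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\winsock\csrss.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\winsock\csrss.exe
O23 - Service: Example Vendor Agent (exagent) - Example Vendor - C:\Program Files\Example\agent.exe
O23 - Service: Windows Genuine Advantage Validation (wgav) - Unknown owner - C:\WINDOWS\system32\wgav.exe
O23 - Service: Windows TCP/IP Socket Driver (winsck) - Unknown owner - C:\WINDOWS\winsock\csrss.exe
"""

SYSTEM32 = r"c:\windows\system32"
# Process names that should only ever run from system32 (illustrative list).
SYSTEM_NAMES = {"csrss.exe", "winlogon.exe", "lsass.exe", "services.exe", "smss.exe"}
# Default contents of the two startup values; anything else is reported.
EXPECTED = {"userinit": {SYSTEM32 + r"\userinit.exe"}, "shell": {"explorer.exe"}}

O23_RE = re.compile(r"^O23 - Service: .+ \((?P<name>[^)]+)\) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")
F2_RE = re.compile(r"^F2 - REG:system\.ini: (?P<value>UserInit|Shell)=(?P<data>.+)$", re.I)
EXE_RE = re.compile(r"[^,\s]+\.exe", re.I)  # assumes paths without spaces

def triage(log_text):
    """Return (entry, reasons) pairs for log lines that match the post's symptoms."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        svc = O23_RE.match(line)
        if svc:
            path = svc["path"].lower()
            reasons = []
            if svc["owner"].lower() == "unknown owner":
                reasons.append("unknown owner")  # weak signal on its own
            if ntpath.basename(path) in SYSTEM_NAMES and ntpath.dirname(path) != SYSTEM32:
                reasons.append("system process name outside system32")
            if reasons:
                findings.append((svc["name"], reasons))
            continue
        auto = F2_RE.match(line)
        if auto:
            value = auto["value"].lower()
            extras = [p for p in EXE_RE.findall(auto["data"]) if p.lower() not in EXPECTED[value]]
            if extras:
                findings.append((value, ["extra startup program: " + p for p in extras]))
    return findings

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(entry, "->", "; ".join(reasons))
```

Because the startup values relaunch the binary that recreates the services, a log that still shows either F2 finding after cleanup means the services are likely to return on the next logon.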