The latest wave of worm variants has been extremely tiring. I have been working since yesterday trying to come up with a solution. In the process I discovered and fixed two bugs in AIMFix that apparently have been there since version 1.5 but evidently stayed dormant until an exact set of circumstances arose. I think AIMFix should be working to remove the items I posted about yesterday, but it definitely will require at least one reboot to make sure the changes take effect. Unfortunately, malicious code doesn't care much about unloading itself from memory, so a reboot is often the only way to stop it from running.

The other reason I'm writing is to mention that in many cases the worm disables the Windows firewall and System Restore, and it does so through Group Policy, which prevents the user from re-enabling them. Unfortunately, since this is a policy setting, both items will still be disabled even after the virus is removed. To resolve this you need to use the Group Policy editor to re-enable both:

http://www.windowsitpro.com/Article/ArticleID/47381/47381.html
http://www.pchell.com/virus/systemrestore.shtml (See the last part of the page for Group Policy editing).

In addition to the above, antivirus applications may be disabled or deleted, Internet Explorer security settings may be lowered, etc. I can't, of course, provide solutions for every possible potential problem, but you should always verify your security settings after any breach of the system. Of course, the only real cleaning method is to completely reinstall the operating system or restore the entire system from backup.

-Jay
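
A read-only check for the Group Policy lockout described above, added here as an example and not part of the original post or of AIMFix. The registry paths are the standard Windows policy locations for these two settings and are an assumption of this example; the function name `Get-PolicyLockState` is hypothetical.

```powershell
# Added example: audit the policy-backed registry values that can keep
# Windows Firewall and System Restore disabled after the worm is removed.
# Read-only: nothing is changed. Key paths are the standard Windows policy
# locations (an assumption of this example, not listed in the post).
$fw = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'
$sr = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
$checks = @(
    @{ Item = 'Firewall (domain profile)';   Path = "$fw\DomainProfile";   Name = 'EnableFirewall'; Bad = 0 },
    @{ Item = 'Firewall (standard profile)'; Path = "$fw\StandardProfile"; Name = 'EnableFirewall'; Bad = 0 },
    @{ Item = 'System Restore';              Path = $sr;                   Name = 'DisableSR';      Bad = 1 },
    @{ Item = 'System Restore settings UI';  Path = $sr;                   Name = 'DisableConfig';  Bad = 1 }
)

function Get-PolicyLockState {
    param([hashtable[]]$Checks)
    foreach ($c in $Checks) {
        # A missing key or value means the policy is simply not configured.
        $value = $null
        if (Test-Path -LiteralPath $c.Path) {
            $props = Get-ItemProperty -LiteralPath $c.Path -ErrorAction SilentlyContinue
            if ($props -and ($props.PSObject.Properties.Name -contains $c.Name)) {
                $value = $props.($c.Name)
            }
        }
        if ($null -eq $value)      { $state = 'Not configured' }
        elseif ($value -eq $c.Bad) { $state = 'FORCED OFF by policy' }
        else                       { $state = 'Policy set, not disabling' }

        New-Object PSObject -Property @{
            Item  = $c.Item
            Value = $value
            State = $state
            Key   = "$($c.Path)\$($c.Name)"
        }
    }
}

$report = @(Get-PolicyLockState -Checks $checks)
$report | Select-Object Item, Value, State, Key | Format-Table -AutoSize -Wrap

# Any row forced off here stays off until the policy itself is changed.
$locked = @($report | Where-Object { $_.State -eq 'FORCED OFF by policy' })
if ($locked.Count -gt 0) {
    Write-Warning "$($locked.Count) setting(s) are held off by policy; re-enable them in the Group Policy editor."
}
```

Run it from an elevated PowerShell prompt after cleanup; a clean result only covers these two policies, not the antivirus or Internet Explorer settings mentioned above.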