Showing posts from January, 2008

Removing virus services.exe and fservice.exe

The virus consists of the following:

C:\Windows\system32\fservice.exe
C:\Windows\services.exe

The virus is a key logger. It sends an email message every time a connection to the internet is made. It blocks the Windows XP Protect Shield and System Restore services.

Removing the virus:

1. Kill fservice.exe
   - Use TASKKILL /F /IM fservice.exe
   - If it doesn't work on the first attempt, use NTSD -P [PID of fservice.exe], then quit the debugger to kill the task.
2. Kill services.exe
   - Kill the bogus one, not the genuine services.exe
   - Follow the procedure in number 1.
3. Delete all occurrences of fservice.exe and the fake services.exe
   - Do not delete the real services.exe found in C:\Windows\system32
4. Clean the registry for entries containing fservice.exe and the fake services.exe
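
A read-only triage script covering steps 1 to 4, added here as an example and not part of the original post. It assumes Windows PowerShell (which provides Get-WmiObject) run from an elevated prompt; the three registry keys are common autostart locations chosen for this example, since the post does not name specific keys.

```powershell
# Added example: read-only triage, nothing is killed or deleted.
$genuine  = Join-Path $env:SystemRoot 'System32\services.exe'   # real services.exe
$fake     = Join-Path $env:SystemRoot 'services.exe'            # fake copy named in the post
$fservice = Join-Path $env:SystemRoot 'System32\fservice.exe'   # named in the post

# Steps 1-2: list matching processes and tell the genuine services.exe apart by path.
Get-WmiObject Win32_Process |
    Where-Object { @('fservice.exe', 'services.exe') -contains $_.Name } |
    ForEach-Object {
        $path = $_.ExecutablePath
        if (-not $path) {
            # The path of a system process can be hidden from a non-elevated shell.
            $verdict = 'unknown (path not readable, rerun elevated)'
        } else {
            $path = $path -replace '^\\\?\?\\', ''   # strip an NT-style \??\ prefix if present
            if ($path -eq $genuine) { $verdict = 'genuine' } else { $verdict = 'SUSPECT' }
        }
        'PROC  PID {0,-6} {1,-14} {2}  [{3}]' -f $_.ProcessId, $_.Name, $path, $verdict
    }

# Step 3: check whether the two files from the post exist (-Force also shows hidden files).
foreach ($f in $fservice, $fake) {
    $item = Get-Item -LiteralPath $f -Force -ErrorAction SilentlyContinue
    if ($item) {
        'FILE  {0}  ({1} bytes, modified {2})' -f $item.FullName, $item.Length, $item.LastWriteTime
    }
}

# Step 4: report autostart values that reference either file.
# Assumption: these keys are illustrative; the post does not say which keys the virus uses.
$keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
foreach ($k in $keys) {
    $props = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    $props.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |    # skip PowerShell's own metadata properties
        ForEach-Object {
            $value = [string]$_.Value
            if ($value -match 'fservice\.exe' -or $value -match [regex]::Escape($fake)) {
                'REG   {0}\{1} = {2}' -f $k, $_.Name, $value
            }
        }
}
```

Only lines marked SUSPECT, FILE or REG need the manual steps above; a services.exe reported as genuine is the one that must not be killed or deleted.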