Today I encountered this on our network, it messes with our VPN and other remote services. This is the solution I found to resolve it. Also if you have a vpn program you use it is suggested to remove it and reinstall it as the infector can corrupt it.

Download the following:

Combofix http://www.bleepingcomputer.com/download/combofix/ rename to cfix.exe (click the blue download button)
TDSSKiller http://support.kaspersky.com/faq/?qid=208283363 rename to tk.exe
SUPERAntiSpyware Free Edition http://www.superantispyware.com/down...NTISPYWAREFREE rename the installer
JavaRA Java removal utility http://sourceforge.net/projects/javara/


1. Run cfix.exe, agree to all but the recovery console installation. If you are doing this remotely, inform the user that they have to manually complete this part as it terminates all remote connections constantly throughout its use.

2. Once the scan is completed run tk.exe, click change parameters, and check the boxes for the following tabs: System memory; Services and drivers; Boot sectors; Verify file digital signatures; Detect TDLFS file system

3. Click Start Scan

4. Quarantine all, then choose any files to not quarantine only if they are familiar to you and the operation of a program required to function. If you quarantine all you will be able to recover anything you accidentally did not want to remove.

5. Install SuperAntiSpyware, do a custom install and uncheck any useless features and decline the trial of the pro version.

6. Run a complete scan.

7. Quarantine/delete all results

8. Run JavaRA, click additional tasks and put a check in the following: Remove Useless JRE Files; Remove Startup Entry; Remove Sun Download Manager; Remove Java IE BHO; Remove JAVA Console Extention, and click Go.

9. Reinstall java from www.java.com