What does this virus do?
Warning: The virus is a keylogger. Watch out.
Yesterday, Glenni posted a thread in off-topic which was supposedly a java game. It wasn't. Many of you that opened it may be infected with a virus, and here's how to remove it.
Everything with an icon like this is the virus:
Be aware though, just because it doesn't have that icon it doesn't mean it's not the virus.
How to remove:
First of all, clear temp. internet files. Also start>run>%temp% and remove all files there. Someone said they got a vbscript there, and it's best to be on the safe side.
Next, go to regedit and find "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run". If you have something there called "winlogonuser", delete it. Don't remove winlogon. Only winlogonuser. Now find the path where winlogonuser is located, for me it was "C:/Programdata/Microsoft/Windows/Start%20Menu/Programs/Startup/", which contained Run.exe and winlogonuser.exe. Remove both.
Next, navigate to "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run". If you have svchost there, delete it, and find the path where it was located. For me and Bull it was in %appdata%/Microsoft. I also had four other files there, run.exe, server.exe, out.exe and 3minrun.exe. Delete all of them.
There is also a copy of winlogonuser in C:\WINDOWS\system32\. Delete it.
Last, do a search for some of the files you have already deleted, like winlogonuser. They may hide other places.
Reboot.
If you haven't already, run a full virus scan.
Please note, I'm not 100% sure that this will remove everything. It may have infected other places. I'd encourage a reformat, as well.
Steam Account Warning
Guarantee he was after Steam accounts. Change your passwords on a different computer unless you have reformatted yours (to be 100% safe). The keylogger doesn't look that complex, but it's still better to be on the side of caution.
Last edited by Anticept; 12-01-2009 at 05:34 AM.
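A read-only check for the Run values and files listed in the removal steps above, added here as an example and not part of the original post. It assumes PowerShell 4 or later and that the folders in the post correspond to `$env:ProgramData`, `$env:APPDATA` and `$env:windir` on the machine being checked.

```powershell
# Read-only: reports the artifacts named in the post, deletes nothing.
# Value names, file names and folders come from the post. Assumptions:
# "Start%20Menu" is "Start Menu", and the environment variables below
# point at the same folders the poster saw.
$runValues = @(
    @{ Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'winlogonuser' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'svchost' }
)
$fileChecks = @(
    @{ Dir   = "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
       Names = @('Run.exe', 'winlogonuser*') },
    @{ Dir   = "$env:APPDATA\Microsoft"   # the real svchost.exe lives in System32, not here
       Names = @('svchost*', 'run.exe', 'server.exe', 'out.exe', '3minrun.exe') },
    @{ Dir   = "$env:windir\System32"
       Names = @('winlogonuser*') }
)

$findings = @(
    # Autostart entries: report the value and the path it launches.
    foreach ($rv in $runValues) {
        $props = Get-ItemProperty -Path $rv.Key -ErrorAction SilentlyContinue
        if ($props -and $props.PSObject.Properties.Name -contains $rv.Name) {
            [pscustomobject]@{
                Type = 'RunValue'; Location = $rv.Key
                Item = $rv.Name;   Detail   = $props.($rv.Name)
            }
        }
    }
    # Dropped files: include hidden ones (-Force) and record a SHA-256
    # so the sample can be looked up or handed to an AV vendor.
    foreach ($fc in $fileChecks) {
        if (-not (Test-Path -LiteralPath $fc.Dir)) { continue }
        foreach ($pattern in $fc.Names) {
            Get-ChildItem -LiteralPath $fc.Dir -Filter $pattern -File -Force -ErrorAction SilentlyContinue |
                ForEach-Object {
                    $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
                    [pscustomobject]@{
                        Type = 'File'; Location = $_.DirectoryName
                        Item = $_.Name; Detail  = $hash.Hash
                    }
                }
        }
    }
)

if ($findings.Count -gt 0) { $findings | Format-Table -AutoSize -Wrap }
else { 'None of the Run values or files named in the post were found.' }
```

An empty result only means these specific names are absent; as the post says, the files may be hiding elsewhere.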
What does this virus do?
.siht daer ot gniyrt emit detsaw ev'uoY
Does that virus also affect WIN7? Because I clicked it and I didn't get any virus (these files).
seriously getting serious
I never allowed anything from that site to run, so I think I'm safe. I trust AVG. It checks all new data.
.siht daer ot gniyrt emit detsaw ev'uoY
I just got another alert from svchost - 2009-11-29_1657
Obviously, this doesn't remove everything.
I sure won't be clicking that link if it is still there.
Bull and I are currently working on finding all related files and eliminating them.