There is a new variant of this thing hitting machines here locally. I
discovered a fairly simple way to kill it today. With the computer
disconnected from the network (internet) F8 at reboot and start in LNGC then
as soon as you can task manager and kill the processes named sysguard or

Then regedit to current user->software-> if you have spyware protect kill it
if not there then proceed down to Microsoft->windows->current versio and
uninstall spyware protect 2009 and if there is a run for spyware protect
2009 kill it too.

This should get you up without it attacking your AV and antimalware packages
which you should be able to safely update now on the internet and run them
to kill off all the pieces of it it scatters in your computer. FWIW all
three computers I had to clean up in the last couple of days have been
associated with schools. It got past Sophos on one of them, something I
haven't figured out yet.