The Mudcat Café TM
Thread #68943   Message #1166621
Posted By: JohnInKansas
20-Apr-04 - 07:32 PM
Thread Name: Tech: virus: Downloader.Dluca.E ????
Subject: RE: Tech: virus: Downloader.Dluca.E ????
There is no record of earlier variants of this virus doing anything to block Norton, although there are several others that have been around recently that do try to disable Norton or any other AV on the machine. It is possible, if this one got "launched" on your machine, that you have more than one virus.

If you are using WinME, Win2K, or WinXP, all of which include "automatic backup and restore" services, it is essential that you TURN OFF SYSTEM RESTORE, before you try to clean up this one. (System Restore is the WinXP, and I believe WinME, version. It's called something a little different in Win2K.)

Since this virus makes changes to the registry that you must manually remove, System Restore will detect that the registry has changed the next time you reboot. It will try to restore any differences between what you have at boot to the "last known good" copy it made of the registry. (It will add back in any keys that were in the backup that aren't in your "new" registry.) If the virus was already written when the System Restore backup copy was made, it will reinstall the virus the next time you start the machine.

When you turn off System Restore, it deletes all backup copies of the registry that it can use to put the virus back. Even when (not if) you turn System Restore back on after you get cleaned up, it cannot use the registry backup that you should make manually before you do your changes to the registry. You should make the manual backup, since if you really, really, really screw up during your edit, it may be useful to restore, even if it means putting the virus back in order to get to a fresh start; but you do NOT want Windows to be able to do a restore automatically.

Step 1: Go to Norton's site (or your AV provider) and find "your virus."

Step 2: Print a PAPER COPY of the COMPLETE instructions for removal.

Step 3: While you're at the site, READ the instructions and follow any links to supplemental instructions you may need. PRINT a PAPER COPY of any of these.

Step 4: Follow ALL of the instructions. You should MARK each step with a "check mark" when you are ready to start that step. When you have completed that step, put a "slash" (\) through the stem of the check mark to turn it into an "X."

For this virus, and in general for anything that requires registry changes, the "generic procedure" is:

1. Turn OFF System Restore.

2. Terminate the "running instance" of the virus. For early versions of Windows, this means boot to Safe Mode (which doesn't execute the Start/Startup files). For WinXP, Ctrl-Alt-Delete to bring up File Manager, click the "Processes" tab, find the one you want, and "End Process." (Once you have done this step, you must not reboot until you've finished the cleanup.)

3. Repair (if necessary), and UPDATE TO THE LATEST AVAILABLE, your AV program and its signature files. If your program is "broken" and you can't repair immediately, use one of the online free Virus System Scan sites.

4. Do a complete system scan, and repair any problems found by the AV.

Norton classifies this one as "Removal: Easy," and it should be if you follow the script exactly as it's given.

John
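The "generic procedure" in John's post (manual registry backup, System Restore off, kill the running instance, update and scan) can be driven from an elevated PowerShell prompt on a modern Windows machine. The script below is an added example, not code from the forum post or from any AV vendor. It assumes Windows PowerShell 5.1 (the `Disable-ComputerRestore` / `Enable-ComputerRestore` / `Checkpoint-Computer` cmdlets are Windows PowerShell only), an elevated session, and Microsoft Defender as the scanner; `$SuspectProcessName` is a placeholder you fill in from the vendor's write-up, and the registry Run/RunOnce keys are the standard autostart locations, not anything specific to this virus.

```powershell
# Added example (not from the original post): scripted version of the
# "generic procedure" for a registry-persistent infection.
# Assumes: Windows PowerShell 5.1, run as Administrator, Microsoft Defender.
param(
    # Placeholder: the executable name given in the AV vendor's write-up.
    [Parameter(Mandatory)] [string] $SuspectProcessName,
    [string] $BackupDir   = "$env:USERPROFILE\Desktop\reg-backup",
    [string] $SystemDrive = "$env:SystemDrive\"      # e.g. "C:\"
)

# Step 0: the manual registry backup John recommends. Export the common
# autostart keys to .reg files so a botched edit can be undone by hand.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$autostartKeys = @(
    'HKLM\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $autostartKeys) {
    $file = Join-Path $BackupDir (($key -replace '[\\:]', '_') + "-$stamp.reg")
    reg.exe export $key $file /y | Out-Null
    Write-Host "Backed up $key -> $file"
}

# Show what is set to start at logon so it can be compared against the
# vendor's list of keys to remove (review only; nothing is deleted here).
foreach ($key in $autostartKeys) {
    Write-Host "`n[$key]"
    Get-ItemProperty -Path "Registry::$key" -ErrorAction SilentlyContinue |
        Select-Object -Property * -ExcludeProperty PS* | Format-List
}

# Step 1: turn OFF System Restore on the system drive, which discards the
# restore points that could otherwise re-import the malicious keys.
Disable-ComputerRestore -Drive $SystemDrive

# Step 2: end the running instance. Do not reboot until the cleanup is done.
Get-Process -Name $SuspectProcessName -ErrorAction SilentlyContinue |
    Stop-Process -Force

# Steps 3 and 4: update signatures, then run a full scan and let the AV repair.
Update-MpSignature
Start-MpScan -ScanType FullScan

# Once the machine is clean, re-enable System Restore and take a fresh point:
#   Enable-ComputerRestore -Drive $SystemDrive
#   Checkpoint-Computer -Description "Post-cleanup baseline"
```

Run it as `.\cleanup.ps1 -SuspectProcessName <name-from-write-up>`; the `.reg` exports land on the Desktop so they survive even if the scan removes files elsewhere, and the two commented lines at the end are the "turn it back on" step from the post, left for you to run only after the full scan comes back clean.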