Abbey, I'm pleased to hear that you managed to get it sorted. I'm not trying to be a smart arse here as I could get caught myself... but it does underline the point that has been made about not opening attachments unless you know why you have recieved them rather than relying soley on the AV sotftware however good and up to date that software may be.

Incedentally, its action sounds similar to Navidad that was reported here a few weeks ago. Here are a few details from Computer Associates (the makers of free AV softwareI use):

...The worm also attempts to install itself onto the system, and this is where the bug lies.

The worm makes a copy of itself, as "Winsvrc.vxd", in the Windows System directory. It then creates two registry keys which point to a different filename, "Winsvrc.exe":

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Win32BaseServiceMOD = "C:\WINDOWS\SYSTEM\Winsvrc.exe"

HKEY_CLASSES_ROOT\exefile\shell\open\command\(Default) = "C:\WINDOWS\SYSTEM\Winsvrc.exe "%1" %"

Jon