Disable system restore.
1. Click Start > Run.
2. Type regedit
3. Click OK.
Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem.
Download and run this tool, and then continue with the removal.
4. Navigate to and delete the subkeys:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wudpcom
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_WUDPCOM
5. Navigate to the subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
6. In the right pane, reset the value to the original value if applicable:
"EnableDCOM" = "n"
7. Navigate to the subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
8. In the right pane, reset the value to the original value if applicable:
"restrictanonymous" = "1"
9. Exit the Registry Editor.