A computer I am fixing has the Vundo or MS Juan virus, according to sources it seems to have embedded itself in lsass.exe since upon startup I receive several DLL errors (halojoge.dll) and I receive lsass.exe is not a valid windows image. SuperAntiSpyware and AVG seem to detect it but does nothing, I cannot restore to a previous point either. I have included a Hijack This log, and any help would be appreciated, I would love to remove this without having to reinstall Windows. Is this possible? Thanks in advance.
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 4:39:18 AM, on 3/26/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Unfortunately, as good as HJT is, Vundo, Virtumonde, MS Juan and other variants have been coded to hide alot of their processes from HijackThis. The program needs to be renamed during the download process and again during the install. You shouldn't need to run HJT again, just the SAS and MBAM scans in safe mode. Restart, update then run again.