"The Dead have no motivation"
Kai's sulky refrain from season two of Lexx ran endlessly through my head for the last two weeks as I battled a virus. Two viruses, actually, and the second infection was my own fault.
The first one hit me while I was cruising a wine-making forum: a TDS variant made itself at home and proved unwilling to vacate. I was running Avira AntiVir at the time, an antivirus that, up until that moment, I had been perfectly satisfied with.
No problem: everything was backed up, and I needed to reinstall the system anyway. It was a five-year-old XP Home SP1 system that I had been too damn lazy to set up fresh.
Re-installation was a snap.
Two hours later I was installing the last of my regularly used programs when I had a lapse into idiocy and stuck an infected thumb drive into the nearest USB port.
Seeing as I was still shaking out bugs, I hadn't turned off the Autorun utility.
I watched in horror as a flutter of shortcuts appeared. Virus 2 installed itself:
W32.Ramnit.
Avira did nothing.
I could tell something was going on, because my Google results were being redirected, so the fact that Avira said everything was okay did nothing to help.
Some poking around with msconfig and similar tools led me to a respawning executable:
c:\program files\microsoft\watermark.exe
"Watson, the game's afoot!"
Several tedious hours later, I had also uncovered:
c:\windows\system32\ssmypics.scr
c:\documents and settings\Robert\Local Settings\Temp\tmp\crypt_killexe.exe
c:\windows\explorersrv.exe
The screen-saver was a cute touch: when I listed a directory with a screen-saver in it, WinXP ran the screen-saver in order to display its output as the associated icon.
So I had to use a terminal to delete it, and anyway, it kept getting respawned.
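Two of the things above are worth turning into a repeatable check rather than another round of msconfig poking: closing the AutoRun hole the thumb drive came in through, and listing the places a "respawning" executable is usually relaunched from. The script below is an added example, not something from the original post or from any of the tools named in it. It assumes PowerShell 2.0 or later is installed on the box (it is not on a stock XP install), that it is run from an elevated session, and it uses the file paths from this post as a constructed watch-list, not as an authoritative indicator set for W32.Ramnit. It does not disinfect anything; Ramnit also infects existing .exe and .html files, which this does not look for.

```powershell
# Added example, not from the original post. Assumes PowerShell 2.0+ on the
# affected machine and an elevated session. Paths are taken from the post and
# are a constructed watch-list, not a complete indicator set.

# 1. Close the USB vector. NoDriveTypeAutoRun is a bitmask of drive types on
#    which AutoRun is disabled; 0xFF disables it for every drive type.
$policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
if (-not (Test-Path $policy)) { New-Item -Path $policy -Force | Out-Null }
Set-ItemProperty -Path $policy -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord

# 2. A process that comes back after being killed is being relaunched from
#    somewhere. These are the common relaunch points on XP.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Userinit and Shell under Winlogon are also favourite hijack points.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Paths named in the post (constructed list for this example).
$suspect = @(
    'C:\Program Files\Microsoft\watermark.exe',
    'C:\Windows\system32\ssmypics.scr',
    'C:\Windows\explorersrv.exe',
    'C:\Documents and Settings\All Users\Documents\Server\hlp.dat'
)

# Metadata properties Get-ItemProperty adds to every registry object.
$providerProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-PersistenceEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($p in $item.PSObject.Properties) {
            if ($providerProps -contains $p.Name) { continue }
            New-Object PSObject -Property @{ Key = $key; Name = $p.Name; Command = $p.Value }
        }
    }
    $wl = Get-ItemProperty -Path $winlogon
    foreach ($n in 'Userinit', 'Shell') {
        New-Object PSObject -Property @{ Key = $winlogon; Name = $n; Command = $wl.$n }
    }
}

# Anything here that points outside the usual Windows/Program Files locations,
# or at one of the suspect paths, is the first thing to look at.
Get-PersistenceEntries | Format-Table Key, Name, Command -AutoSize

# 3. Which of the suspect files exist right now. Re-run after deleting them:
#    a file that reappears means the dropper is still running or still
#    registered somewhere above.
foreach ($f in $suspect) {
    '{0,-6} {1}' -f (Test-Path $f), $f
}

# 4. Running processes whose image is one of the suspect paths.
Get-Process | Where-Object { $_.Path -and ($suspect -contains $_.Path) } |
    Select-Object Id, ProcessName, Path
```

The AutoRun registry value is the part worth keeping even on a clean machine; the rest is triage that tells you where to look, and should be run both before and after a manual kill to see what is putting the files back.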
Time for more scanners:
Ad-Aware SE could not find it.
Emsisoft HiJackFree couldn't find it.
Clam AV could find it, but became infected itself, and could not remove it.
Moon AV could not find it.
Norman Malware Cleaner could not find it.
IS360 ignored it completely.
AdvancedSpywareRemover ignored it.

By this point, infected files exceeded 22,000.
Finally:
1. I manually killed every process that seemed infected;
2. I ran OTL with a configuration file for W32.Alureon (I have no idea if this proved useful);
3. I ran ATF-Cleaner, and wiped everything I could;
4. I ran the ESET online virus-scanner with phasers set to PARANOID.
This led me to:
C:\Documents and Settings\All Users\Documents\Server\hlp.dat
Of course, when I unlocked and deleted that, I got the Blue Screen.
No problemo: I ran the WinXP Repair facility, and when everything came back up smiling, installed the AVAST 30-day demo.
AVAST had no problem finding lurking copies of the virus and wiping them clean.
Half an hour more of tracking down and killing infected files, and everything seems to be running smoothly.

If you Google a virus name and add terms like 'fix' or 'repair' or (even the pitiful) 'help', you'll get an endless round of forums bloated with HijackThis! (is the exclamation point mandatory?) logs and endless lists of 'scan this, try that' style instructions.
This post is not intended to add to that hideous panoply, but to serve as a bookmark to myself, a reminder of what I did to Fix It.

And of course, to boast: Me, myself and I: 1, W32.Ramnit: 0.
