This is a new virus, so the antivirus don't remove it yet, if you wait a few days and update your antivirus it will be take care of. I you can't wait and want to remove it manually, I'll give you the step by step -I found it in a forum in spanish and translated it - and of course, I tried it myself and got rid of the virus.
WARNING: this tutorial is not for the faint of heart. It will be better if you have ever edited your windows registry manually. Touching the registry is risky, if you screw up you will have to format and reinstall windows. So I take no responsabilities here. If you are not sure about this, ask a friend that is comfortable editing the registry to do it for you.
Here it goes:
1) Download REG UNLOCKER
https://**********.com/files/15910915...rianos.org.rar
2) Execute reg unlocker (select all options) and as quick as you can, open the task manager (CTR+ ALT +DEL) and kill the process EXPLORER.EXE
3) don't worry if all programs start closing and you end with the task manager alone, that is the point
4) Using the task manager kill the process AhnRpta.exe which is the virus of course you'll have to do this dozens of times thru this tutorial, because it keeps starting itself again
5) run REGUNLOCKER again. With the task manager go to Applications--> New Task and write "explorer" (without quotes) Remember step 4. Now in the explorer window go to Tools -- Folder Options -- View and select "show hidden files and folders" accept and go to the task manager and kill "explorer.exe" there.
6) Dont forget step 4. Now, you only have open the task manager in the tab applications click New Task and write
"msconfig" without quotes, (never forget step 4) go to the start tab and look for olhrwef, deselect it, apply, but don't restart the system, no yet.(step 4), now in the task manager, go to applications - New Task and write "regedit" without quotes. Browse the following path
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSI… F-882A-4526-8C08-51278EA437C1}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSI… F-882A-4526-8C08-51278EA437C1}\InprocSer…
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSI… F-882A-8C08-4526-51278EA437C1}
the last part can vary a little in each computer, but the firts dozen of numbers will be the same. Delete the keys (I mean, delete the last folder for example {BB4C402F-882A-4526-8C08-51278EA437C1} don't delete the root folders or you will completly screw up your system.
also browse to
# [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\W… entVersion\Explorer\ShellExecuteHooks]
* {BB4C402F-882A-4526-8C08-51278EA437C1} = "hook dll rising"
and delete the key... be careful in this part you don't have to delete the complete folder, in the right pane look for the "hook dll rising" part and delete that one only.
Don't forget step 4.
You can closes the registry and go back to the task manager. New task, click browse and go to
"c:\windows\" you will find the file "AhnRpta.exe" delete it.
Now go to "C:\WINDOWS\system32" look for the file "olhrwef" and delete it (note: I didn't found it in my pc but this part was in the original tutorial that I followed).
Also delete the following files in that folder
afmain0.dll
afmain1.dll
afmain2.dll
If you can't find these files, repeat step 5 and try again, that did it for me.
Now you can restart your computer and use ccleaner to delete any trace of the damn virus that may be left in the registry (if you skip this step won't do any harm tho).