step 1.
Start your PC in safe Mode
Press CTRL + ALT + DELETE
then Go to Processes, and select WSCRIPT.EXE and End Process

Go to Start then Run then type CMD

2. type cd\ if does not work type cd.. then cd.. until it becomes c:\ only

3. type cd windows\system32

4. type attrib kernel.dll.vbs -s -h -r

5. type del kernel.dll.vbs

6. type del antz.html

7. go to any drive that is infected, eg.) C:

8. type attrib to see if there is an antz.vbs

9. if found.. type attrib antz.vbs -s -h -r then type del antz.vbs

10. Next is to delete the autorun.inf (This is the one that appear in your hard drive once you right click) to delete this type attrib autorun.inf -s -h -r, then del autorun.inf -s -h -r

Next is to delete the html page that always appear in start up.

go to registry editor

to go to registry editor in the run application type regedit then enter

locate this one.

HKEY_LOCAL_MACHINE/SOFTWARE/MICROSOFT/WINDOWS/CURRENT VERSION/RUN

and delete the antz key.

next is to find the one that runs the antz.html heres how to do it.

hkey_LOCAL_MACHINE/SOFTWARE/MICROSOFT/WINDOWS NT/CURRENT VERSION/WINLOGON

locate the shell key, you will notice that there is another text after the explorer.exe and this should be deleted.

C:\windows\system32\kernel.dll.vbs

to delete just right click then modify.

delete the text after the explorer.exe. * don't delete the explorer.exe

the default value of shell is explorer.exe

after that restart your PC.

Have Fun!!!!