Below is what I found at
http://www.trendmicro.com
Terminating the Spyware Program
This procedure terminates the running spyware process. You will need the name(s) of the file(s) detected earlier.
Open Windows Task Manager.
» On Windows 95, 98, and ME, press
CTRL+ALT+DELETE
» On Windows NT, 2000, and XP, press
CTRL+SHIFT+ESC, then click the Processes tab.
In the list of running programs*, locate the spyware file(s) detected earlier.
Select one of the detected files, then press either the End Task or the End Process button, depending on the version of Windows on your system.
Do the same for all detected spyware files in the list of running processes.
To check if the spyware process has been terminated, close Task Manager, and then open it again.
Close Task Manager.
--------------------------------------------------------------------------------
*NOTE: On systems running Windows 95, 98, and ME, Windows Task Manager may not show certain processes. You can use a third party process viewer such as Process Explorer to terminate the spyware process. Otherwise, continue with the next procedure, noting additional instructions.
Removing Autostart Entries from the Registry
Removing autostart entries from the registry prevents the spyware from executing during startup.
Open Registry Editor. To do this, click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>Run
In the right panel, locate and delete the entry or entries:
Redirect = %Spyware Path%redirect5.exe
(Note: %Spyware Path% is the location of the executed program.)
Close Registry Editor.
Additional Windows ME/XP Cleaning Instructions
Running Trend Micro Antivirus
Download the latest spyware pattern file and scan your system. Then, delete all files detected as SPYW_DCTOOLBAR.B.
Details:
This memory-resident spyware program is similar to its earlier variant SPYW_DCTOOLBAR.A, with only minor modifications on its routines.
This spyware redirects URL requests entered in the Internet Explorer (IE) browser to the following Web site:
http://www.dotcomtolbar.com/redirect/url.asp?url=
This redirection allows the Web site to log a target machine’s IP address and its original requested site. The said Web site then redirects the user to the correct URL.
It creates the following registry entry to that it runs every time the system restarts:
HKEY_LOCAL_MACHINESoftwareMicrosoftWindows
CurrentVersionRun
Redirect = %Spyware Path%redirect5.exe
(Note: %Spyware Path% is the location of the executed program.)
This autostart technique only works if the file name is REDIRECT5.EXE. Otherwise, the spyware does not execute on next system startup.
It is created using Microsoft Visual Basic, a high-level programming language.