This trojan mirrors Netbus's features, however adds new commands to freeze/lockup your computer, grab passwords stored in the system, and open an FTP server to your hard drive.
First you need to delete the actual trojan file.
Click Start, go to Shutdown, and select the option 'Restart computer in MSDOS mode'.
This should put you at a C:\windows prompt.
Type dir exp*.*
You should see two files listed. One being 'ExpLorer.exe', and the other being 'ExlIorer.exe'.
Note the difference by one letter, the L (ell) and I (eye).
Explorer.exe, with an L (ell) is the windows kernel itself.
ExpIorer.exe, with an I (eye) is the trojan.
Type del expiorer.exe (EYE, not ell) to remove the trojan.
Last type exit to return to windows.
Next you need to remove the registry lines.
Click Start, and go to Run. In the box, type regedit and click OK.
When regedit starts, you will see a file-like tree on the left hand panel. Open the folders to follow the path:
At the end, click on 'Run', and the right hand panel should change.
Look on the right hand side for the key:
Right click on that line only and choose delete. Close regedit and reboot your PC.