Mejores Amigos email virus

Got a nasty virus on our network at work yesterday after someone opened a .ZIP file in an email titled “Mejores Amigos”. The code apparently hijackes the users Outlook contacts, grabs some malicous code from the web, then infects the PC and any network drives mapped to the PC, dropping an inf.exe file on all of the mapped drives, which then run the next time someone else uses that drive. Fortunately you have to either access a shared mapped drive for your PC to be infected, or be the genius that opens that email and zip file. It appears to be using MSN Messenger and/or Morpheus to pull the malicious code that starts the problems.

The inf.exe file reads as follows:

[autorun]
open= “inf.exe”
icon= “C:\WINDOWS\system32\SHELL32.dll,8”
action=Abrir carpeta para ver archivos
shell\open=Abrir carpeta para ver archivos
shell\open\command= “inf.exe”
shell\open\default=1

Any assistance would be greatly appreciated!

Thanks,
King

This needs further analysis by a malware removal specialist:
Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware.
Use the information about getting and using the tools and attach the logs here, not in the LOGS topic.

VirusTotal
https://www.virustotal.com/file/4a1034e20da894335d078a49b5862e57b5fd9c045654d4a29c234983462f8f7b/analysis/1334437701/

SOPHOS
http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Mal~AutoInf-C/detailed-analysis.aspx

ESET
http://www.eset.eu/encyclopaedia/win32-clofect-a-vipantispyware?lng=en