Since I’ve spent the better part of the afternoon removing this ;so, I’d thought I’d share the link to the solution.
This nasty little guy spawns temp files in your Windows Temp directory that eventually turn into files with the extension *.tmp.exe. A dialer program of sorts.
CAVS recognizes & quarantines the offending spin-offs from the Windows Temp directory. These items show up in process explorer with the extension mentioned above.
Summary of steps to remove it:
Kill all renegade process’s
delete all the files from Windows/Temp Directory
Find offending dll & rename it. For the record my dll was winjyp32.dll & yours most likely will be win***32.dll. Make sure it’s the correct or more accurately incorrect dll.
Remove Registry entries:
HKEY_LOCAL_MACHINE\Microsoft\Windows NT\Current Version\Winlogon\Notify\winjcr32 (or whatever your version is called)
Delete the renamed dll & restart. Personally I used eraser & erasered on reboot.