Sunbeltblog has more info on the identity theft keylogger and will offer removal tool
There are another two fascinating posts in the saga of the massive identity theft that was reported in the Sunbelt blog. For starters they detail the beast here. It sounds truly devious, and MAY still be related to CoolWebSearch after all. It turns off the Windows firewall and runs through Internet Explorer (thereby bypassing any other software firewall).
In their second post it’s been given a name and they’ve announced the release of a removal tool. The new name for this malware is Srv.SSA-KeyLogger. They think Kaspersky may have recognized it already as Win32.Dumador.df, but doubt other antivirus companies have definitions to detect it yet.
Their removal tool will be available at their website. I don’t yet see it listed, but expect it will be featured prominently.
Update – the removal link is in the lower left-hand corner of the main page (it takes you to the research page that hosts the download). Also, you can download the CounterSpy trial to remedy this specific logger.
Update2 – Lavasoft may have run across a similar or identical keylogger.