Remember that a virus scanner is not the holy grail. It can only scan and maybe remove the stuff it knows about.
What you're experiencing is a _very_ typical Messenger-"virus". (note the quotes since it isn't a real virus).
Every so-called script kiddie can program such a malicious program, and because there are so many of them and all done slightly differently, there is no real way to detect them all. Not to mention that each probably needs to be cleaned/removed in a slightly different way (also the reason why you should first try to remove programs and other stuff by the proper official uninstallation instructions before attempting the use of a generic-removal program, as that last one will rarely do the proper things).
So it is not surprising that your virus-scanner will not pick it up or can not remove it.
Anyways, yes, the messages and stuff you send via Messenger are caused by it. And that is also how this malicious program spreads: by tricking your Messenger contacts into thinking you've sent them something. They click on the link to see "your photo", but they actually download the malicious program.
-
To remove it you need to find out what _exact_ files and programs are run when you run Messenger.
C:\windows\system32\ehknfpsgqz.exe is a start, but it would not be surprising at all if there are more files (like copies of that file, a setup, etc.) lying around on your hard disk in some other places.
So, before running Messenger, go to your Task Manager (CTRL-ALT-DEL) and list _all_ the processes (process tab) which are running under your Windows account login name (see the 'User Name' column. Tip: you can sort the list by clicking on the column headers).
Then do the same thing while you're running Messenger. Run Messenger and go again to your Task Manager to check the processes. List any process which wasn't running before.
Post both lists here so we can take a quick look ***.
*** A very very very good tool to do all this and which will give us all the information we need is Process Explorer:
- Download the above zipfile
- Open the zipfile (in Windows XP you can simply double click on it; or choose 'open' when you downloaded it)
- Double click on procexp.exe to start the program (no need for installing anything)
In Process Explorer:
-1- Go to the menu: View > Select Column
-2- Make sure at least the next columns are enabled: Process Name, Description, Company Name, Command Line (<= most important one!)
-3- Click OK
-4- Now that you've selected the columns, go to the menu: File > Save As
And save the process list to somewhere.
-5- Start up Messenger (you don't need to close Process Explorer) and store the process list again, under a new name. Thus again: File > Save As
Now zip those two files together (or add the second list to the first list so you end up with only 1 file) and attach it in a new post in this thread.
Essentially, what you need to do next is boot up in Safe Mode, search your hard disk for the malicious files and remove them manually.