Found some more info on this trojan from Trendware's site:
Description:
This backdoor malware drops a copy of itself as WINXPUPDATE.EXE in the Windows system folder. It then executes this dropped copy, and deletes its original running copy.

It adds a registry entry to ensure its automatic execution at every Windows startup.

This malware operates as an IRC bot that connects to an IRC server, where it listens for commands from a remote user. It executes these commands, providing the remote user with control over the affected machine.

It runs on Windows 95, 98, ME, NT, 2000, and XP.

Removing Autostart Entries from the Registry

Removing autostart entries from the registry prevents the malware from executing at startup.

Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>
Windows>CurrentVersion>Run
In the right panel, locate and delete the entry:
Winsock32driver = "winXPupdate.exe"
Close Registry Editor.

Then it goes on to say use Task manager to end the process, close system restore and run a scan

--------------------------------------------------------------------------------