Most worms you should be able to get rid of after playing in your registry. BTW, MSInfo provides a wealth of information about your machine, including running programs, start-up programs, etc. It tells you the exact location of the file as well.

Here's an extract from http://www.sophos.com/virusinfo/analyses/w32chira.html

Description
W32/Chir-A is an internet worm that tries to spread via email by sending itself to email addresses found in the Windows address book.

The email will have the following characteristics:
Sender address: <username>@hotmail.com or [email protected]
Subject line: Hi,i am <username>
Attached file: p.exe

The worm attempts to exploit a MIME and an IFRAME vulnerability in some versions of Microsoft Outlook, Microsoft Outlook Express and Internet Explorer to allow the executable file to run automatically without the user double-clicking on the attachment. Microsoft has issued a patch which secures against this vulnerability which can be downloaded from Microsoft Security Bulletin MS01-027. (This patch was released to fix a number of vulnerabilities in Microsoft's software, including the one exploited by this worm.)

When run, the worm copies itself into the Windows system folder as runouce.exe (not runonce.exe) and sets the following registry entry so that the worm will be automatically started when Windows starts up:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Runonce =
C:\<Windows system folder>\runouce.exe

The worm also creates several EML files with the name <computername>.eml on network drives. These EML files contain a base64-encoded copy of the worm.
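
An added example (not part of the post or of the Sophos write-up): a check for the Run entry described above, working on the saved text output of `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run`. It assumes that output format, uses constructed sample data, and goes one step beyond the single file name by also flagging any name that is one character off runonce.exe; the function names are hypothetical.

```python
import re
from ntpath import basename

# Indicators taken from the Sophos description quoted above.
WORM_FILE = "runouce.exe"      # dropped into the Windows system folder
LEGIT_FILE = "runonce.exe"     # the genuine Windows binary it imitates

# One value line of `reg query` output: name, type, data separated by 4 spaces.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

def executable_name(data):
    """Return the lower-cased file name of the program a Run value starts."""
    data = data.strip()
    if data.startswith('"'):                 # quoted path, arguments may follow
        path = data[1:].split('"', 1)[0]
    else:                                    # unquoted: cut after the extension
        m = re.match(r"(.+?\.(?:exe|com|scr|bat|pif))(?:\s|$)", data, re.I)
        path = m.group(1) if m else data
    return basename(path).lower()

def one_char_off(a, b):
    """True when a and b have equal length and differ in exactly one position."""
    return len(a) == len(b) and sum(x != y for x, y in zip(a, b)) == 1

def scan_run_key(reg_query_output):
    """Return a list of (value name, data, reason) for suspicious Run entries."""
    findings = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue                         # key header or blank line
        exe = executable_name(m["data"])
        if exe == WORM_FILE:
            findings.append((m["name"], m["data"], "W32/Chir-A file name"))
        elif one_char_off(exe, LEGIT_FILE):
            findings.append((m["name"], m["data"], "lookalike of runonce.exe"))
    return findings

# Constructed sample input (not captured from a real machine).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SystemTray    REG_SZ    SysTray.Exe
    Runonce    REG_SZ    C:\WINDOWS\SYSTEM\runouce.exe
    Updater    REG_SZ    "C:\Program Files\Example\runonce.exe" /quiet
"""

if __name__ == "__main__":
    for name, data, reason in scan_run_key(SAMPLE):
        print(f"{name}: {data}  [{reason}]")
```

A hit only identifies the start-up entry; the file in the system folder and the <computername>.eml copies on network drives still need to be dealt with separately.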