SaveSoldier

Rogue - Antispyware

 
SaveSoldier is reported to be a rogue security application. There are several ways a fake/rogue application may get onto your computer:
  1. You may have downloaded it, knowingly or unknowingly, mistaking it for something else.
  2. It may have been downloaded automatically while you were visiting a harmful website.
  3. Your computer may have a trojan virus, which in turn downloads such an application.

Recently I have noticed that the malware authors are also keeping track of the removal instructions published on the internet. As soon as they think that the malware is exposed, they change the file/folder names and the locations where they are saved on the hard disk. So keeping this in mind you will require the latest information of the malware in order to be able to remove it.

If you happen to have the rogue installer, you can submit it to the ThreatExpert site and get it analyzed. That will help you get precise information about the virus.

Trying system restore

If you know how long your computer has been infected, you can try restoring it to a date before the infection. That will work like a miracle in removing the infection.

Free removal tools

  • Special tools to remove a single virus or a family of viruses
  • Free online virus scanners
  • Fully functioning antivirus/antispyware
All these tools are listed below.

Removing files manually

The steps to be taken to remove the infected files manually   

Remove Processes from Task Manager 

Press Ctrl+Shift+Esc to open Task Manager and look through the list of processes. In the recent sample it was found to be creating processes named savesoldier.exe and SaveSoldierSvc.exe; also look for any other suspicious names. Select each one found, press the End Process button, confirm, and close Task Manager.

Optionally, you can use Windows Defender to see the path of a currently running program/process and its publisher, so as to tell malware processes apart from genuine Windows processes.

Removing entry from windows startup

Using the System Configuration Utility

In XP: click Start > Run, type msconfig, and press OK.

In Vista: click Start, type msconfig in the search box, and press Enter.

Changes to the Windows startup list are reversible, so you can check/uncheck any entry any number of times.

After the System Configuration Utility window opens, click on the Startup tab. It lists all the programs that are scheduled to start when you turn your computer on. Widen the middle column with your mouse pointer so that you can see the path of each program.

Locate the entries SaveSoldier Software and SaveSoldier (look for any other similar suspicious names) and uncheck the boxes in front of them.

Press Apply, then press Close/OK. Stay in the System Configuration Utility for the next step.


Windows Services Modifications

While still in the System Configuration Utility, click on the Services tab. Locate a service named "SaveSoldier Security Service" or "SaveSoldierSvc". The virus stops this service; if that is the case, check the box in front of it to start it again. Now press Apply, then press OK to restart the computer.

View Hidden Files and Folders

before you could search and delete SmartProtector and its associated files

 Deleting files 

After restarting the computer, use the Windows search utility to search for "SaveSoldier" and "GAV". This search will find all its folders on the hard disk; delete every instance. There are several variations of this rogue in which it changes its filenames.

Here are the current folder locations of SaveSoldier. Delete the folders if found.

C:\Documents and Settings\All Users\Start Menu\Programs\SaveSoldier
C:\Program Files\SaveSoldier Software
C:\Program Files\SaveSoldier Software\SaveSoldier
%Temp%\nsh2.tmp

(in order to remove the files from the temp folder, use a freeware temp files cleaner like CCleaner)

%Temp% is typically C:\Documents and Settings\[UserName]\Local Settings\Temp\
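
The manual checks above (processes, startup entries, service, folders) can be gathered into one read-only PowerShell report. This is an added example, not part of the original instructions; it uses only the names and paths listed on this page, and it assumes the msconfig Startup tab entries live in the standard Run registry keys.

```powershell
# Added example: read-only report of the SaveSoldier artifacts named on this page.
# It lists what is present and deletes or stops nothing.

$processNames = 'savesoldier', 'SaveSoldierSvc'     # savesoldier.exe, SaveSoldierSvc.exe
$folders = @(
    'C:\Documents and Settings\All Users\Start Menu\Programs\SaveSoldier',
    'C:\Program Files\SaveSoldier Software',
    'C:\Program Files\SaveSoldier Software\SaveSoldier',
    (Join-Path $env:TEMP 'nsh2.tmp')
)
# Assumption: startup entries shown by msconfig are stored in these Run keys.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

$findings = @()

# Running processes; the image path helps tell a look-alike name from the real file.
foreach ($p in @(Get-Process -Name $processNames -ErrorAction SilentlyContinue)) {
    $findings += "Process: $($p.Name) (PID $($p.Id)) $($p.Path)"
}

# Service registered as "SaveSoldierSvc" / "SaveSoldier Security Service".
$services = @(Get-Service | Where-Object {
    $_.Name -like 'SaveSoldier*' -or $_.DisplayName -like 'SaveSoldier*' })
foreach ($s in $services) {
    $findings += "Service: $($s.Name) [$($s.DisplayName)] status=$($s.Status)"
}

# Startup entries whose name or command line mentions SaveSoldier.
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    if (-not $props) { continue }
    foreach ($v in $props.PSObject.Properties) {
        if ($v.Name -like '*SaveSoldier*' -or "$($v.Value)" -like '*SaveSoldier*') {
            $findings += "Startup: $key -> $($v.Name) = $($v.Value)"
        }
    }
}

# Folders and temp file listed above.
foreach ($f in $folders) {
    if (Test-Path -LiteralPath $f) { $findings += "Path: $f" }
}

# Variants rename their files, so an empty report does not prove the machine is clean.
if ($findings.Count -eq 0) { 'None of the SaveSoldier artifacts listed on this page were found.' }
else { $findings }
```

Run it before and after cleanup to confirm that each item has actually gone.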

Run CCleaner

after deleting Smart Protector and its associated files, as there will be leftover entries in the Windows registry. CCleaner is a free temp files/registry cleaner that will automatically clean the registry as well as remove the temp files. Click here to read more

Edit Registry

if you are comfortable using the regedit command.

You can find the list of registry modifications in this report

More Problems

If you are unable to open Task Manager, Registry Editor, System Restore, Folder Options, etc.

If the virus has disabled them, there are free tools and techniques to solve this problem. They are listed here.

Tools for Windows XP

Tools for Windows Vista

Use the system file checker

if you want to make sure that the Windows system files have not been altered by the virus, and to repair them if they have been.

Using Firewall 

Check your firewall for any suspicious communication from your computer to the internet and block it using the firewall on your computer.

 Reference of threatexpert reports with permission from threatexpert.com
