This sdra64.exe removal is a little harder to remove than your normal virus removal. The file sdra64.exe is locked by the Winlogon process and therefore you are not able to delete it by using tools such as Hijackthis or Icesword.
To remove this virus please download the following tool Process Explorer from Microsoft/Sysinternals. Process Explorer
Once you have downloaded the tool, open it.
1. Press CTRL+F on your keyboard to begin search.
2. Type sdra64.exe
3. Double click on the search results, it should be listed as winlogon and some additional details
4. On the toolbar select Handle then Close Handle
Then you would be able to delete the file. Follow the location listed in the registry. Typically it's going to be C:\windows\system32
5. Delete the sdra64.exe file or rename it.
6. While in the system32 folder delete the folder called lowsec which contains the spyware data.
7. Restart your computer then open Regedit by going to Start --> Then Run and typing Regedit, then click ok.
8. The registry should look like this
9. Double click on the Userinit entry and then remove everything after the comma.
10. Go to Edit then refresh your view to verify that the entry does not come back.
11. Turn off your system restore (under My Computer --> Then Properties) then you can turn it back on.
Your system should now be free from this sdra64.exe virus, we still recommend doing a full virus scan to remove any additional files the could potentially be remaining.