1. Activates the Guest account and add it to the Administrators group
2. Shares the C drive will full access to Everyone
3. Disables share-level permissions on all shared directories on the system
4. Modifies several other registry keys and system files
From all reports I've seen, the best way to rid your system from this virus is to reformat the system immediately and reinstall all software from trusted copies. According to Dr. Jesper Johansson, editor of the SANS Windows Digest, "while a 'cleaner' may remove the detritus left by the worm, you have had a system-level compromise of your system. No 'cleaner' is able to remove any additional problems introduced through the backdoors left by the worm. This is a severe measure, but it is the only reasonable course of action after an attack such as this."
This was first published in October 2001