Subject: Re: Remove TrojanHorseDialer virus by hand twiddling files and the regi
From: "Tony Ingenoso"
Find the executables and overwrite them with garbage files of the same
name, then set their attributes to system/hidden/readonly.
I've found this to be useful for things that slipped through all the
barriers before any fixes were available. Most will be too stupid to reset
file attributes.
Also useful is to locate any registry entries for the offender and change
the executable names to something like "XXXsomeworm.exe". A lot
of them only look for the reg key to see if they should try to infect. If
it's there, they go away.
"Randall Parker" wrote in message news:4202c177{at}w3.nls.net...
> A friend's machine running XP Home and the latest service pack and latest
> fixes (firewall turned on too) has TrojanHorseDialer.17.M on it according to
> AVG. The weird thing is that an AVG scan and a Norton scan both report no
> virus. Then just using the machine an AVG warning dialog pops up reporting
> the presence of the virus in a particular file. AVG can't remove it (she
> might have the free version of AVG but the paid version of Norton).
>
> Originally the dialer was found in a file for some Spyware app and I
> removed that app using the Add/Remove Programs. Then the problem seemed to
> go away. Next day it came back but with much less severe symptoms.
> Previously the machine couldn't get on the internet. All DNS look-ups
> appeared to fail. Now it gets on the internet but AVG pops up a dialog
> about every half hour or so.
>
> Anyway, AVG reports a file name and some path that includes a long code
> field in the path {numbers-and-dashes} and the dll.
>
> Can I hope to get the virus off her machine without a complete reinstall?
>
> How do viruses implant themselves? In the registry to run when the OS
> starts? Into OS files? Can one just overwrite some OS dlls by reapplying a
> service pack?
>
> Can one download the service pack from MS not using WindowsUpdate and just
> slam it on top of the virus-infected files?
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
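
Added example, not part of either poster's message: the thread asks whether malware implants itself in the registry to run at startup, and the reply advises locating its registry entries. This Python sketch lists the string values under the Run and RunOnce keys in a regedit text export and marks commands that sit in a {numbers-and-dashes} folder or start a DLL through rundll32. The sample export, its names and paths, and the two heuristics are assumptions made for illustration.

```python
import re

# Constructed regedit text export; every name and path below is made up.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="C:\\Program Files\\ExampleAV\\tray.exe /startup"
"SysHelper"="rundll32.exe \"C:\\Program Files\\Common Files\\{0A1B2C3D-1111-2222-3333-444455556666}\\helper.dll\",Start"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Updater"="C:\\WINDOWS\\Temp\\upd.exe"

[HKEY_CURRENT_USER\Software\Example\Settings]
"LastDll"="C:\\Example\\{0A1B2C3D-1111-2222-3333-444455556666}\\x.dll"
'''

AUTORUN_KEYS = (r"\microsoft\windows\currentversion\run",
                r"\microsoft\windows\currentversion\runonce")
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')  # string values only
GUID_DIR = re.compile(r'\\\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}\\')
RUNDLL = re.compile(r'\brundll32(?:\.exe)?\b.*\.dll', re.I)

def autoruns(export_text):
    """Yield (name, command) for string values under Run/RunOnce keys."""
    key = ""
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        m = VALUE.match(line)
        if m and key.endswith(AUTORUN_KEYS):
            # .reg files escape backslash and quote with a leading backslash
            yield tuple(re.sub(r'\\(.)', r'\1', g) for g in m.groups())

def review(export_text):
    """Return [(name, command, reasons)]; an empty reasons list means no flag."""
    findings = []
    for name, cmd in autoruns(export_text):
        reasons = []
        if GUID_DIR.search(cmd):   # folder named {numbers-and-dashes}
            reasons.append("guid-folder")
        if RUNDLL.search(cmd):     # DLL started through rundll32
            reasons.append("rundll32-dll")
        findings.append((name, cmd, reasons))
    return findings

if __name__ == "__main__":
    for name, cmd, reasons in review(SAMPLE_EXPORT):
        print(name, "|", cmd, "|", ", ".join(reasons) or "-")
```

An unflagged entry is not a clean bill of health; the listing is meant to be read in full, with the flags only pointing at the pattern described in the quoted question.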
SOURCE: echomail via fidonet.ozzmosis.com