From: "Geo" 

You will probably need to turn off the system restore feature (control
panel/system/somewhere) because that's the feature a lot of the tougher
virus are using to make it so difficult to get rid of them.

Geo.

"Randall Parker"

wrote in message news:4202c177{at}w3.nls.net...
> A friend's machine running XP Home and the latest service pak and latest
fixes
> (firewall turned on too) has TrojanHorseDialer.17.M on it according to
AVG. The weird
> thing is that an AVG scan and a Norton scan both report no virus. Then
just using the
> machine an AVG warning dialog pops up reporting the presence of the virus
in a
> particular file. AVG can't remove it (she might have the free version of
AVG but the
> paid version of Norton).
>
> Originally the dialer was found in a file for some Spyware app and I
removed that app
> using the Add/Remove Programs. Then the problem seemed to go away. Next
day it came
> back but with much less severe symptoms. Previously the machine couldn't
get on the
> internet. All DNS look-ups appeared to fail. Now it gets on the internet
but AVG pops
> up a dialog about every half hour or so.
>
> Anyway, AVG reports a file name and some path that includes a long code
field in the
> path {numbers-and-dashes} and the dll.
>
> Can I hope to get the virus off her machine without a complete reinstall?
>
> How do viruses implant themselves? In the registry to run when the OS
starts? Into OS
> files? Can one just overwrite some OS dlls by reapplying a service pak?
>
> Can one download the service pak from MS not using WindowsUpdate and just
slam it on
> top of the virus-infected files?

--- BBBS/NT v4.01 Flag-5