From: Randall Parker 

A friend's machine running XP Home and the latest service pak and latest
fixes (firewall turned on too) has TrojanHorseDialer.17.M on it according
to AVG. The weird
thing is that an AVG scan and a Norton scan both report no virus. Then just using the
machine an AVG warning dialog pops up reporting the presence of the virus
in a particular file. AVG can't remove it (she might have the free version
of AVG but the
paid version of Norton).

Originally the dialer was found in a file for some Spyware app and I removed that app
using the Add/Remove Programs. Then the problem seemed to go away. Next day it came
back but with much less severe symptoms. Previously the machine couldn't get on the
internet. All DNS look-ups appeared to fail. Now it gets on the internet but AVG pops
up a dialog about every half hour or so.

Anyway, AVG reports a file name and some path that includes a long code field in the
path {numbers-and-dashes} and the dll.

Can I hope to get the virus off her machine without a complete reinstall?

How do viruses implant themselves? In the registry to run when the OS starts? Into OS
files? Can one just overwrite some OS dlls by reapplying a service pak?

Can one download the service pak from MS not using WindowsUpdate and just slam it on
top of the virus-infected files?

--- BBBS/NT v4.01 Flag-5