Expert: Lorry - 6/11/2008

Question
A PC has gotten infected with XP Antivirus and I believe there is probably some other type of virus or trojan that is on the PC.  I was able to go to www.ewido.net and perform an online scan - but I can't go to Pandascan to run a scan.  ALL internet pages get blocked - with the exception of Ewido.  This PC is XP Home and they are running AGV antivirus - free edition.

So I downloaded on another PC and emailed Spybot to the infected PC and was able to update the definitions, immunize and run Spybot.  It found 4 problems.  I don't know what to tell this person to do.  I don't know if they have readily accessable the OS - in the event they try to reinstall the OS.  

I'm wondering if it would be a good idea to email hijack this to that PC and try and run that and then post the log.

I went to the manual removal instructions for the XP Antivirus at Symantec's website - unfortunately - unless a good scan be run - I'll never know if there is some other type of trojan lurking - so I can manually remove it until the cows come home to no avail - if there is more than one thing messing things up.

I even tried to go to System Restore - heck - I was tired and thought that might be a last ditch effort - I can't go back to any other date to restore - or to another month even.

Thanks

Answer
Hi Jennifer,

Am assuming that you know the name of the virus as you mentioned that "the manual removal instructions for the XP Antivirus at Symantec's website. At the Symantec site when it states to run a scan, have them run a full scan with AVG to verify that the threat(s) are gone. The important thing is to disable System Restore before removing the virus. Don't for get to enable System Restore afterwards.

Regarding Spybot, they removed the threats, correct?

Verify that they have the Restore/Recovery CD or the Windows XP CD just in case.

Hope this helps!
Lorry