Computer Security & Viruses/Help with computer virus
Expert: Doug Woodall - 7/12/2010
QUESTION: I sent this question to Keith Davis, so hopefully this isn't a violation, but I figured it would be good to get help from more than one person.
My grandma's computer was infected after she clicked on a link in a Facebook message. I have searched the internet for some help based on the information displayed by AVG after detecting the virus, but this appears to be a very new virus and I'm not sure what to do about it.
Here is some info:
Process Name: C:\WINDOWS\system32\svchost.exe
Process ID: 1880 (before running AVG)
1008 (after running AVG)
Message Before running AVG
Exploit Neosploit toolkit (type 1179)
Trojan horse generic 17.AOPG infected
Trojan horse generic 18.280 infected
After running AVG – clicked on “Heal”
Response: “some files will not heal”
Trojan Horse Fake Alert. SG
Unfortunately, my grandma shut down her computer and now it will not start back up. Here is the message that appears instead:
Dell System Dimension 2400 Series B105 version
Phoenix ROM B105 Plus Version 1.10 AO5
Copyright 1905-1988 Phoenix
Previous attempts at booting this system have failed at checkpoint. For help in resolving this problem please note this xxxx Dell tech support.
I would like to help her remove this virus without reformatting if at all possible. I appreciate any advice you can offer.
Thanks.
ANSWER: Hello Joel,
I don't know if it matters if you submit the same question to two people, I'll check.
Does she have a restore CD?
Is it still under warranty for Dell assistance?
---------- FOLLOW-UP ----------
QUESTION: Thanks for your reply.
I believe she does have the restore CD. I don't think it is under warranty.
ANSWER: Hi again Joel,
Can you run the restore CD and see if it boots?
If it does, run the repair/restore utility and see if that fixes it.
If it works, make sure you download the latest Microsoft updates as soon as possible to keep it secure.
Let me know,
Doug