Expert: Keith Davis - 7/12/2010

Question
My grandma's computer was infected after she clicked on a link in a facebook message. I have searched the internet for some help based on the information displayed by AVG after detecting the virus, but this appears to be a very new virus and I'm not sure what to do about it.

Here is some info:

Process Name:  C:\WINDOWS\system32\svchost.exe
Process ID:     1880 (before running AVG)
        1008(after running AVG)
Message Before running AVG
Exploit Neosploit toolkit (type 1179)
Trojan horse generic 17.AOPG infected
Trojan horse generic 18.280 infected
After running AVG – clicked on “Heal”
Response: “some files will not heal”
Trojan Horse Fake Alert. SG

Unfortunately, my grandma shut down her computer and now it will not start back up. Here is the message that appears instead:

Dell System Dimension 2400 Series B105 version
Phoenix ROM B105 Plus Version 1.10 AO5
Copyright 1905-1988 Phoenix
Previous attempts at booting this system have failed at checkpoint.  For help in resolving this problem please note this xxxx Dell tech support.

I would like to help her remove this virus without reformatting if at all possible. I appreciate any advice you can offer.
Thanks.

Answer
See if you can boot to safe mode. Usually you do this by pressing F8 upon startup. If you get to the point where you have options pick "safe mode with networking". If you can get on the internet download Combofix from www.combofix.org . I believe you have a trojan horse that cannot be removed by AVG. AVG is good but it is geared more toward data stealing (or killing) viruses.
If you cannot get on the internet, try and borrow another and put it on a flash drive. Flash drives will still work in safe mode.
Let me know how it goes.

Keith