Found a virus infection that could not be cleared easily :-(.

Customer is running Norton IS (suprise suprise), but the kids did a lot of instant messenger (also seems to happen a lot), so this is what I suspect happens:

• Children and teens are much more suceptible to social engineering attacks, compared to us cynical adults.
• As kids do the messaging, they occasionally stumble across an offer to download and install 'messenger plus'.
• They think: wow, the emoticons/smiley faces are much cooler than boring microsoft & yahoo messenger
• The desire to show their friend their new 'cool' messenger overrides any boring warning messages that a firewall / antivirus / anti-malware program might pop up.
• Malware is now installed & its downhill from there

In this particular case, Norton said everything is fine, but occasionally, a red box would pop up in the bottom left hand corner, saying something like: warning, your system is infected by a virus.

I think: ok, I'll install and scan with antivir (www.free-av.com) and ewido (www.ewido.net) but they also find nothing!

This is looking like a true virus infection (probably an infected dll)

I take the laptop back to the office & have a think of the best way to fix this.

I can think of 2 options:

1. I can create a boot CD with the latest anti-virus
2. I can plug the drive into my main system (as a drive D: ie: not the main drive), & then do a scan from my already up-to-date antivir

Since I'm short on time, I decide option 2. I find some nasties (mostly trojans) & clean them up. Most trojans are very recent (they were added to the antivir list just 6 weeks prior to my scan!).

After that, everything is just fine.

Now, I just need to find a simple way to implement solution 1. above, while making sure I always have the most recent virus definitions… Maybe a boot disk & a virus def. file on usb.

Unless someone has a suggestion, it looks like I'll be spending some time reseaching the latest antivirus applications.