My granddaughter, running her laptop on Vista Home Premium SP2, with all
the updates managed to get infested with a fake A/V scanner. The
"scanner" runs for a bit, then tell you that it has found somewhere
between 5 and 15 "infestations" and tells you that you have to pay to
get rid of them. Every 5 seconds a pop-up appears telling her that
'whatever'.exe is infected and cannot run. All sorts of executables
will fail to run - including AVG. I cannot start Task Manager either -
I'm told I don't have enough priveleges and 'not enough permissions' (sic).

I tried all the normal methods to get this pesky thing, but none will
work. I ended up pulling the HD and hooking it up to my desktop and
scanning it with AVG there. Didn't find a thing. Malwarebytes I
scanning now, but it is not finding anything (yet).

I can start the computer in safe mode, but AVG will only run it's
commandline interface. Didn't find anything that way either.

I figure it has to be coming out of the registry and kicking off a
couple of hidden executables. Where would be the best place for these
to come from; HKLM\Software\Microsoft\Windows\Current_Version... or
somewhere else?

Questor