I restored to the restore point that was about 4 hours prior to the infection and that cleaned up the desktop fake warning box. My questions are:
1. Is that enough? If not, what else needs to be done to make sure it's safe?
2. The PC was on a company LAN at the time, and it was shut down and rebooted a few times before being removed from the LAN. Does this bug have a payload that could infect other PC's on the LAN? No one else has reported any problems.
3. Does it have the ability to infect flash drives? Software (like VCLEANER.exe) was download to another PC and then moved over on a flash drive.
BTW, this infection occurred when the user received an email announcing an "e-card from a dear friend." The hot link looks like a legitimate web site: (which probably got hacked) followed by /e-card.exe Now how obvious can it be? I'm surprised AVG didn't flag this one.