He is running Windows 7 x64 bit. Using Avast 4.8 which the infection has mostly disabled although it does allow a manual scan and deleting files but he is not able to use the virus chest because that service has been disabled. He has also tried to system restore back a few days with no success as the restore would not fully complete. And of course Avast will not do a boot time scan on a 64 bit operating system (we just found out).
So far he found one virus that he deleted and after that remote access would not work, and upon rebooting, all internet access was non functional. Since then he has also found:
He did try to delete the AHD file but is still scanning when he discovered the AMY variant and AAW.
Now on the phone with him and he is going to try to Delete them because that is the only option Avast is allowing him.
Restoring internet access and getting the PC back to a working state is what we hope to achieve without restoring to a full partition wipe if possible. I have downloaded the guide to cleaning you offer on this site, and the tools listed and will snail mail them to him if we can make no progress. His level of computer experience is beginner which makes this all the tougher.
Is there a risk of further infection if he plugs in an external hard drive to move his photos offline before formatting, if that is the route he chooses? He is concerned because his external USB harddrive stores his music backups and family photos.
As of this time, he did delete those three mentioned above via Avast manual scan. Upon rebooting, internet access still disabled, and avast is still not protecting anything in real time.
Any advice would be appreciated, thank you.