|Thanks Ed. The worm is officially a Trojan. It is fully described at http://www.bleepingcomputer.com/mal...|
although that isn't the forum I got the fix from.
I am not a tech. I am a resident in a Retirement Village. I was in the office when the owner rushed in in a state of panic and blurted out the news. The office staff suggested that I look at it. It is a very aggressive fake internet security suite. Even Google's Home Page was re-written with a statement that he needed to buy this thing. Any attempt to browse the Web succeeded momentarily, then got redirected to about.blank. I went back to my own unit, got the instructions from there, and did what it said.
On a reboot it was gone. IE still had the cached page for Google, so I cleaned out all his browser history, including "history put there by programs" or similar (I run Firefox under Linux,) and refreshed the page. It was clean.
I saw him a couple of days ago and he said it had come back. The original infection apparently came from an e-mail, but he claims that this one didn't. He has AVG antivirus, freeware version, but he had automatic scanning switched off. He won't pay for an upgrade. He simply went to an earlier restore point.
So long as he is happy, I am leaving well alone.