I'm trying to fix a laptop for a friend. It's a Dell with an old disk, and trying to clean install on a different disk has failed for now because the code on the machine doesn't match anything I can install to it. XP Pro, dunno the SP but let's assume SP3 for now.
Pop-ups were supposedly appearing, and since I couldn't run process mangler I assumed it was a virus. Having done the usual "rename it iexplorer" trick, I can kill processes, but nothing seems to be the problem there, and there are the usual several dozen MS ones that might or might not be genuine and tend to respawn if killed. There's also all manner of Apple stuff installed like iTunes and goodness knows what. Obviously things like MS Security Essentials won't install as there is a virus present.
There are few actual symptoms other than that, but MS Sec Ess found "best malware protection" or sommat with the same alias and thought it had quarantined it when I had the drive hooked up as a spare on my machine. It also found a dodgy hosts file, which is in an unknown state now; it apparently doesn't exist unless I try to create it. I do have hidden/sys and extensions visible, but hosts is hiding I guess.
For a bit, I couldn't access the internet but I can now and I'm not seeing popups or porn sites coming up on search.
The main reason I know this is still a problem is that Security Centre tells me that "Best Malware Protection" is running just fine as my firewall and warns me not to use the Windows one if I turn that on too. There are no options for turning off BMP or any sort of settings in it. I don't really want that, eh?
None of the free online scanners I've tried (the ones that are genuine, I mean, not the dodgy stuff) appear able to find anything after MSE took out the executable that probably installed BMP, so I'm thinking the signatures are of a new one.
Can't see anything obvious in the registry when searching for "firewall". I dunno exactly where I should look for that, though.