I am not sure if I should post this here in XP or in the malware forum- please advise.
PC was working great, very stably, with XP SP1 fresh install for several months and I then lent it to my sister while I repaired her PC. They said my PC worked fine for them but my naughty nieces had loaded a bunch of programs like WeatherBug, AOL IM, AOL browser, KodakEasy share and some others.
I have Symantec anti-virus Corporate Editiion, Spybot S&D, and AdAware installed. Had updated and scanned with all 3 programs before I lent this PC a month ago. I also have Google toolbar popup blocker.
I was planning to load SP2 on mine as soon as I got it back. (SP1 was updated about a month ago when I gave it to them- not since).
When I switched computers back yesterday and booted up my original PC, the first odd thing was that XP said it found new hardware- my Brother laser printer although the driver had already been loaded and it had already been working fine before the switch. I just ignored this at the time, and didn't check this further yet, i.e. whether driver is there and printer working.
Then the graphics on a website I visit frequently took a few seconds to "fill in", whereas they used to appear instantly. Switching pages also took much longer than usual.
Then a Symantec window popped up and gave me some kind of "hacker" warning and said it was quarantined successfully. (didn't write down exact message)
Then I started getting IE popups, although I was using Firefox (!?) Very strange, as after using S&D, AdAware and Firefox, I haven't gotten even one popup.
Then I (tried to) uninstall several programs: Weatherbug , Registry Cleaner (or something like that- in retrospect, I never should have used this? I was trying to fix a Brother error problem before the switch, which this cleaner didn't help, a patch Brother sent did) but it said it couldn't uninstall (didn't write down exact message), Kodak EasyShare.
When I tried to unstall EasyShare, it didn't seem to finish and then I got windows that said "CiceroUI Wnd Frame" and another that said "pokapoka 70.exe", but I didn't write down the exact message. My sister also got this Cicero window on the other (repaired) PC while she was loading EasyShare, but she just closed it quickly before I could write down what it said, as it looked suspicious to me- no news yet from them of problems with that repaired PC (similar system- same Dell, cpu, RAM, except with DSL).
Now, 7 of my 24 desktop icons are not normal- they are a white square with what looks like a little PC "window" (blue bar on top) inside.
AND, bummer days, most of my programs no longer open.
a) Word shortcut on desktop (icon looks normal)- first of all, it doesn't just go to Word as usual- instead a Windows Installer window comes up and then I get this error message with a big "X": "Problem with shortcut This patch package could not be opened. Verify the patch package exists and that you could access it, or contact the application vendor to verify that this is a valid windows installer patch package." Also can't open Word at all- such as by double clicking on a document on the desktop.
b) Firefox won't open from the desktop shortcut (again, this icon looks normal)- I get: Windows cannot open this file: file: firefox.com To open this file, Windows needs to know what program created it...etc BUT I CAN open Firefox from my start button menu.
c) I can open my Control panel but can't open Add/Delete programs- I get that windows can't find rundll32.exe or something like that.
d) I can't open the Programs menu at all from the start menu.
e) The Symantec yellow shield icon is not on my status bar anymore and I don't see it in or anything that looks like an .exe file in the Symantec folder in Program Files. Again, in this folder I see mostly those "Windows" icons for each file and not the normal ones. The LiveUpdate folder in the Symantec folder also has mostly only those windows icons and nothing that looks like the LiveUpdate file I can launch.
So I don't know if I can run a virus scan.
Don't want to update either SP1 or up to SP2 yet (not even sure I can at this point), as your site says not to do this unless you are sure computer is free of malware or other atrocities.
Wouldn't ya know it, IE still works from desktop shortcut.
Any help would be greatly appreciated.
Thank you, Lyn