Hi,
I visited a friend earlier today and he asked me to check his PC as it had a virus. The PC had Vista as OS. I found it acting a bit weirdly as there were some pop-ups showing broken links or reporting how some task could not be done because of some privilege problem.
I found NIS being out of date; most of the status signs were red crosses (cannot reiterate enough the importance of being up to date with both security and OS software). I was able to visit any of the security software companies' sites. But nothing would work if I went for a free scan that some of them offer. It would always get stuck at some point.
I tried downloading one of the legitimate free AV software products just to find that the installation would fail at some point without any message or warning.
I went into the registry and deleted all entries in Run section in both Local Machine and Current User.
Still, after restarting the machine, I would see a bunch of EXE files running in Task Manager, all with weird names like some jumbled numbers and letters (or numbers only, not sure now). Tens of them.
Now I'm thinking that besides installing the OS from scratch, I could try using some of the removal tools, but only if I know which malware got onto this machine in the first place.
The owner's daughter has told me that it was something that looked like a legitimate Windows update or something like that.
I found FAKEAV to possibly match this situation, but I'm not sure still.
Also, when I went to check the Hosts file, I found only one entry below the standard Localhost. It was something like:
::1
I deleted it but could not save the file in Notepad. Later I found that was a legitimate entry in relation to IPv6. Anyway, I still wonder why I could not save the file.
Based on the symptoms above, would anyone be able to help me identify the malware, so I can try to get the right tool to clean that machine?
Thanks
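The checks described in the post (Run keys under both hives, the hosts file, and processes with random-looking names) can be gathered in one pass so they can be pasted into a thread like this rather than retyped from memory. The script below is an added triage example, not code from the original post or from any vendor tool. It assumes an elevated Windows PowerShell session on the affected machine and the standard locations for the Run keys and the hosts file; the "random name" pattern and the list of trusted directories are assumptions chosen for illustration.

```powershell
# Added triage example: collect the autostart, hosts file and process facts
# a helper would want to see before picking a removal tool.
# Assumes: elevated Windows PowerShell; standard Vista paths.

# 1. Autostart entries under the Run / RunOnce keys in both hives.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
"=== Autostart entries ==="
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key
        $props.PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |   # skip PowerShell's own metadata properties
            ForEach-Object { "{0}`n    {1} = {2}" -f $key, $_.Name, $_.Value }
    }
}

# 2. Hosts file: list every active line that is not one of the two standard
#    loopback entries (127.0.0.1 localhost and the IPv6 entry ::1 localhost),
#    and report the attributes that commonly stop Notepad from saving it.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
"=== Hosts file: $hostsPath ==="
$hostsItem = Get-Item $hostsPath
"ReadOnly attribute: " + $hostsItem.IsReadOnly
"Owner: " + (Get-Acl $hostsPath).Owner
Get-Content $hostsPath |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ -ne '' -and -not $_.StartsWith('#') } |
    ForEach-Object {
        $fields = $_ -split '\s+'
        $standard = ($fields[0] -eq '127.0.0.1' -or $fields[0] -eq '::1') -and $fields[1] -eq 'localhost'
        if (-not $standard) { "NON-STANDARD: $_" } else { "standard:     $_" }
    }

# 3. Running processes whose image name looks like a random string and whose
#    executable does not live under the Windows or Program Files directories.
#    The name pattern (6+ letters/digits with at least one digit) is an assumption.
$trustedDirs = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ }
"=== Suspicious-looking processes ==="
Get-Process | ForEach-Object {
    $path = $_.Path   # may be $null for protected system processes
    $inTrusted = $false
    foreach ($d in $trustedDirs) {
        if ($path -and $path.StartsWith($d, [System.StringComparison]::OrdinalIgnoreCase)) { $inTrusted = $true }
    }
    $randomName = ($_.ProcessName -match '^[a-z0-9]{6,}$') -and ($_.ProcessName -match '\d')
    if ($randomName -or (-not $inTrusted -and $path)) {
        "{0,-24} PID {1,-6} {2}" -f $_.ProcessName, $_.Id, $path
    }
}
```

Run it from an elevated prompt and paste the three sections into the reply; the hosts file section also answers the "could not save" question directly, since a ReadOnly attribute or an ACL that does not grant the current user write access will make Notepad refuse the save without explaining why.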