I am helping a friend clean up her Toshiba notebook, XP Pro SP2, that got infected with Spyware Guard 2008 and MS AntiSpyware 2009 which seemed to bring in a bunch of other malware. I found BleepingComputer while Googling for removal clues. After reading several forum articles, I downloaded Malwarebytes’ Anti-Malware free version and SUPERAntiSpyware. I also downloaded the latest version of the Microsoft Malicious Software Removal utility. I burned all these to a CD on another computer, then installed them on the infected computer from the CD with having it connected to the Internet. After several scans and quarantining sessions with each tool, I got it down to the point that there were only a few errors that kept coming up on a full scan. At this point I connect the computer to the Internet, updated Malwarebytes’ Anti-Malware and SUPERAntiSpyware and did complete scans and quarantines. After a couple of rounds of this, all three tools report no infections after multple shutdown/startup cycles and rescans. The system boots much faster and has not displayed any evidence of the infection(s).
The malware had turned off the Windows firewall, Windows Update, and the Symantec Antivirus settings. I have gotten the Windows Firewall and Update re-activated, but I am having trouble with getting the Symantec AntiVirus to act right.
When the system boots I get a balloon that says:
Your computer might be at risk
Symantec AntiVirus Corporate Edition is turned off
Click this balloon to fix this problem.
Clicking the baloon brings up the Security Center which reports:
Virus Protection OFF
However if I open the Symantec AntiVirus (Full Version 10.0.0.359) application it says that all protections are turned on:
are all enabled
The Live Update for Symantec AntiVirus works. The first time I did it, it downloaded new rules, but the date and version were not reported as being changed. It reports Virus Definition File Version: 12/20/2008 rev.3 She thinks that the system was infected on 12/20.
Occasionally a yellow and black box will pop up in the lower right corner that says:
Auto-Protection is Disabled
I have read the Preparation Guide for use before posting, and have downloaded and run the DDS tool. The DDS.txt file is attached. As directed in the Attach.txt header, I am not including it at this time.
Any help or clues on how to get the AntiVirus recognized again will be greatly appreciated.