Posted 15 September 2009 - 08:13 PM
Yesterday, one of my neighbors asked for help. It turned out that she had a malware program on her system called Windows Protection Suite. I googled (on my own computer) and found numerous sites recommending your malware removal program. I downloaded it and took it over on a USB stick. Installed it, ran it, it appeared to work beautifully and removed umpteen infected files and said we were done. It appeared that she had not had an active, updated antivirus program running before this incident, so I also installed the free version of Avast for her. She has Windows XP SP2 and Internet Explorer 7. Avast ran a scan and didn't appear to find any problems.
But now there seem to be a few traces of the malware left. When I go to Windows Security Center, under Firewall, at first it still said "Windows Protection Suite is on." Then I searched the registry and found two references to Windows Protection Suite, which I deleted. The file to which those entries referred were not on her system as far as I could find.
Then I rebooted and went back to Windows Security Center. It still said Windows Protection Suite is on. I clicked to look at the settings and clicked "on" for the Windows Firewall. Now, instead of saying "Windows Protection Suite is on," it says something about "at least one firewall on the system is on."
Meanwhile, her browser insists on going to Google Canada instead of Google.com (don't know if this is related or not). Other than that, the system now appears to be working fine.
Windows Update wants to install IE 8 and XP SP3, but I thought we shouldn't do anything major until I'm sure that Windows Protection Suite is 100% gone.
What should I do next?