Firstly- thanks in advance for any light you can shed on this for me.
I'm helping a friend with a strange pop-up. Specs are:
Compaq laptop running W7 Home Prem. 250GB drive/2GB RAM- typical low-end machine.
He'd had McAfee on for a few months- reported no issue w/it until this week when, if he tried to open it, got only a blank white box where the program window should be. He tried to uninstall it to do a re-install- but even the uninstall window was blank.
At about the same time, he had tried to log in to his Paypal account & a pop-up window presented itself asking for private banking details. Thankfully he called me & I told him to stop using the laptop until I could get antivirus on & scanned- which I did. 4 were detected and moved to the vault using Avira:
JAVA/Exdoer.BN JAva virus
TR/Kazy.14517.41 trojan (same name but from diff location)
I did run HJT- found a few things that looked odd- and I'm no expert...I fixed missing files and the rest look legit (to my untrained eyes).
I checked the hosts file & only have loopback 127.0.0.1
When my friend logs in to Paypal on my Linux machine- this pop-up isn't there- so I know it's the laptop itself.
How should I proceed? Screen shot of pop-up attached. Thanks!