Helping a friend with a virus, but ... it's XP SP1 !!!

[bankster55]

all the supposed good AV just dont work against the new fake AV
I stopped using MWB SAS etc long ago

What you need for your particular prob is combofix - you can find it at majorgeeks.com, or bleepingcomputer.com
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Majorgeeks also has TDSS killer and also rkill which stops the hack
service so that a lame AV like MWB can work on it.
http://majorgeeks.com/Kaspersky_TDSSKiller_d6895.html
http://majorgeeks.com/RKill_d6848.html
If you get it anywhere else its prob fake - hackers hate it
If you want an Internet Security Suite that works (AV FW) just get Comodo freeware (listed good for XP SP2 or higher)
Even better just install Ubuntu 11.04 - then you wont need any AV

 

[sonoferu]

But I know the exact time the virus started and I did the restore to a full day before that.

Seems good, so far. I have the service pack updated and I installed AVG. Someone above said it's not as good as Avira, but I have had AVG myself for years with no viruses and a certain number of "catches" so I feel ok with it. She doesnt do web stuff on this machine anyway. It was an email virus.

OK all, I really hope I'm ok now. I havent taken much of people's advice, I guess, but I really appreciate the help

 

[vailr]

Great that you were able to install XP SP3.
However, I would still recommend doing a "one time run" of Combofix (as mentioned previously), just for the heck of it.
Another free anti-malware detector program to consider: "HiJackThis".
IE6 is not a very secure browser. XP SP3 can be updated to IE8.
And: run Windows Update until no more updates are available.
Instruct the user to run Windows Update every second Tuesday of the month, when MS makes them available.

 

[VirtualLarry]

listen to vailr. Don't leave IE6 on there, update to IE8. The security of IE6 is absolutely awful.