I'm trying to fix the family computer. It seemed to have an XP Defender-like virus. I scanned the computer with Spybot & AVG, and it came up clean even though there was an obvious popup with the typical XP Defender screen and behavior. So I did a system restore to the earliest restore point.
But then things got weirder. The defender screen was gone. Everything seemed fine except when we tried to use the web, the browser started going to all sorts of sites we didn't input, even NAUGHTY sites (you know what I mean). This is BAD because we have kids in the house :(
I have scanned with:
AVG 9 - clean
AdAware Free - just cookies, deleted
Bazooka - Clean
Spybot - Clean
Malwarebytes - Clean
Spyware Doctor - just cookies (can't delete, don't own paid version)
Tried to install Windows Defender and got the error:
"The system administrator has set policies to prevent this installation"
I scanned a HijackThis file and according to the analyze tool I used on a website, nothing seemed a red flag (although a couple of items that are real Windows files could be fake. I can't tell. So I didn't touch them.)
I went to just reinstall Windows. But then it asked for my Administrator password. We never set up an administrator password. We set up the PC with 1 user with Admin access and 1 disabled Guest account. So no reinstall.
Doesn't matter anyway because as I discovered, the Windows Product Key on the PC is for Windows 7. The PC came with 2 disks, Windows XP and Windows 7. My family prefers not to have Windows 7 on the computer. It came with XP installed and that's what we wanted to keep.
Windows update returns: Internet Explorer cannot display the webpage
Although most other webpages load just fine.
Some things I noticed too. When the browsers redirect, sometimes it gets stuck on what seems to be the redirect page. This page is hosted (it seems) from http://9z8j5a0y4z51.com
Another thing I noticed was the presence of the element qing.ico in some of the source code of the redirect pages.
This is affecting Opera, Firefox and IE8.
It redirects when we search and click a link.
The search results seem bogus sometimes too.
Again, everything comes up pretty darn clean.