Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams

Version Comparison: Required Reading - Home User Assistance Malware Troubleshooting

Comparing: Revision 8 » Revision 9


 
 
Color Key: Addition Deletion Change
Revision 8   By April Jacobs at 3 years, 5 months ago Revision 9   By SPyron at 3 years, 4 months ago

So that we can better assist you with your malware issue, please read this document and follow Steps 1-3 before you post.

 

Step 1: Ensure Windows and McAfee are up to date

Run Windows Update, and also update on your McAfee software. SecurityCenter must be green and show that protection is enabled. If it is red, please post what item shows not protected.

 

Step 2: Run Scan and Stinger in Safe Mode With Networking Support

  1. Restart your computer and press F8 repeatedly while booting up. You'll see a boot screen with choices.
  2. Using your cursor keys, select Safe Mode With Networking Support. Your PC will boot in a low resolution state and most processes will not be run.
  3. Go to My Computer (in XP) or Computer ( in Vista / 2007),
  4. Right-click the hard drive and select Scan from the drop-down menu. You'll notice an extra taskbar icon. If you hover over it, it will display a progress report.
  5. After the scan completes, make a note of anything it detected.
  6. Download our free Stinger tool and save it to your Desktop. Please note that at the time of updating this doc there are two stingers referenced on the linked page - one targeting specific Fake Alert variants and one more general version (which will be version 10.1.x.xxx). Unless you know you are dealing with one of the referenced fake alert variants please download the general version.
  7. Run Stinger.

 

If you're still having problems, try, the following:

 

Run the Stinger again, but this time click Preferences and change "On virus detection" to Report Only, set the "Heuristics" level to VERY HIGH, and disable the option to Scan inside compressed files.

stinger-settings.jpg

 

Post to Home User Assistance what (if anything) the Safe Mode scan reported, and also paste in the Stinger report.

 

 

Some of the most common malware we see is referred to as FakeAlert. It looks like valid security software. Please read the articles below for more information on FakeAlert and other Rogue applications:

 

Step 3: Submit a sample to McAfee Labs

If you know which file is infected, please upload it using any of the methods described here: How to submit a sample to McAfee Labs.

 

There is always a gap in protection between when a new threat hits the Internet and a security vendor such as McAfee becomes aware of the threat and and combats it. McAfee uses Artemis technology to narrow that gap, but if we miss something, we must receive a sample of it. It could be a new variant that hasn't been discovered yet. If we have a DAT for it, the automated system will send you that DAT. If we don't yet, your sample will be assigned to a McAfee Labs Engineer for investigation.

 

Step 4: Remove the Virus:

Self Virus Removal

McAfee provides many free tools to assist you. In addition to our Virus Information Library: http://vil.nai.com/vil/default.aspx, where you can find information on thousands of viruses and malware, you can download diagnostic tools here: http://vil.nai.com/vil/averttools.aspx.

 

There are also many free tools on the Internet. McAfee urges caution in their use and assumes no liability for problems encountered with them.

 

Community Support

Our volunteer moderators and employee advocates are happy to assist you within our best efforts here in the community. Please perform the initial steps 1-3 above and post the reports they generate in your initial thread. That way hopefully, we can get right to the troubleshooting.

 

McAfee Assisted Virus Removal

McAfee provides a fee-based Virus Removal Service. Using McAfee remote technology, the Virus Removal specialist can take control of your computer and perform the cleaning while you watch, which can be accessed here:

http://service.mcafee.com/SpecializedServiceHome.aspx?lc=1033&sg=VR

If no virus is detected, the fee will be refunded to you.

So that we can better assist you with your malware issue, please read this document and follow Steps 1-3 before you post.

 

Step 1: Ensure Windows and McAfee are up to date

Run Windows Update, and also update on your McAfee software. SecurityCenter must be green and show that protection is enabled. If it is red, please post what item shows not protected.

 

Step 2: Run Scan and Stinger in Safe Mode With Networking Support

  1. Restart your computer and press F8 repeatedly while booting up. You'll see a boot screen with choices.
  2. Using your cursor keys, select Safe Mode With Networking Support. Your PC will boot in a low resolution state and most processes will not be run.
  3. Go to My Computer (in XP) or Computer ( in Vista / 2007),
  4. Right-click the hard drive and select Scan from the drop-down menu. You'll notice an extra taskbar icon. If you hover over it, it will display a progress report.
  5. After the scan completes, make a note of anything it detected.
  6. Download our free Stinger tool and save it to your Desktop. Please note that at the time of updating this doc there are two stingers referenced on the linked page - one targeting specific Fake Alert variants and one more general version (which will be version 10.1.x.xxx). Unless you know you are dealing with one of the referenced fake alert variants please download the general version.
  7. Run Stinger.

 

If you're still having problems, try, the following:

 

Run the Stinger again, but this time click Preferences and change "On virus detection" to Report Only, set the "Heuristics" level to VERY HIGH, and disable the option to Scan inside compressed files.

stinger-settings.jpg

 

Post to Home User Assistance what (if anything) the Safe Mode scan reported, and also paste in the Stinger report.

 

 

Some of the most common malware we see is referred to as FakeAlert. It looks like valid security software. Please read the articles below for more information on FakeAlert and other Rogue applications:

 

Step 3: Submit a sample to McAfee Labs

If you know which file is infected, please upload it using any of the methods described here:How to submit a sample to McAfee Labs.

 

There is always a gap in protection between when a new threat hits the Internet and a security vendor such as McAfee becomes aware of the threat and and combats it. McAfee uses Artemis technology to narrow that gap, but if we miss something, we must receive a sample of it. It could be a new variant that hasn't been discovered yet. If we have a DAT for it, the automated system will send you that DAT. If we don't yet, your sample will be assigned to a McAfee Labs Engineer for investigation.

 

Step 4: Remove the Virus:

Self Virus Removal

McAfee provides many free tools to assist you. In addition to our Virus Information Threat Library: http://vilwww.naimcafee.com/vil/defaultus/mcafee-labs/threat-intelligence.aspx, where you can find information on thousands of viruses and malware, you can download diagnostic tools here: http://vilwww.naimcafee.com/vil/averttoolsus/downloads/free-tools/index.aspx.

 

There are also many free tools on the Internet. McAfee urges caution in their use and assumes no liability for problems encountered with them.

 

Community Support

Our volunteer moderators and employee advocates are happy to assist you within our best efforts here in the community. Please perform the initial steps 1-3 above and post the reports they generate in your initial thread. That way hopefully, we can get right to the troubleshooting.

 

McAfee Assisted Virus Removal

McAfee provides a fee-based Virus Removal Service. Using McAfee remote technology, the Virus Removal specialist can take control of your computer and perform the cleaning while you watch, which can be accessed here:

http://service.mcafee.com/SpecializedServiceHome.aspx?lc=1033&sg=VR

If no virus is detected, the fee will be refunded to you.