I have a question I hope someone might be able to help with. Is it possible for a valid version of McAfee Antivirus Plus to somehow become disabled, deleted, or configured differently by a smart hacker? I noticed on my Add or Remove Programs options in Windows XP it showed that I rarely ever use this program, but I have used it on a regular basis to my understanding. I tried logging on McAfee Antivirus Plus but it prompts me that I have the wrong password and I only have one more try before it becomes disabled.
I requested the password reminder to be sent to my email address but I haven't received it. In order to get more information I would have to pay McAfee to speak to someone I found out recently online. I'm hoping that I can get some information or help here.
I see on my computer that there is a folder called Mcafee and another called Mcafee.com. On my McAfee Firewall settings it always enables a program called Generic Host Process for Win32 Services. I attempted to delete the program or somehow disable it to see if that could be malware, but I am not allowed to remove or change it.
I allowed an acquaintance to use a memory stick on my laptop to copy some videos I had and I have the feeling he installed some type of malicious program as well to gain access to my system.
To add complications, I bought one of those Android phones that is way too complicated for someone like myself.
I used the USB connection it came with because I wanted to save some pics and small files to my laptop. I transferred them but now see that my computer is showing an icon called "Iphone". It is listed as a System File and when I open the "Iphone" icon, it shows "My Documents" and all the folders within it. I tried deleting it but it doesn't allow me to. I looked at my User Settings and it shows on my desktop folder, but it's not on there physically. It's listed under My Computer. I am afraid that this has given someone access to it since it seems to be placed in my Desktop when it was installed.
I am seriously thinking about starting over and getting a new laptop or deleting McAfee and starting over, but I really wish I could figure out if mine is infected before I spend a lot of money I really don't have.
First see if you are infected. Do you really have to log onto McAfee? Really, all you need to do is click on the Shield, open it, and scan your PC once McAfee has updated.
Run MCPR, which will remove McAfee, then reinstall it.
Before reinstalling, check if you are infected.
Run the free McAfee Stinger program from http://vil.nai.com/vil/stinger/
Download the latest version of Getsusp here: https://community.mcafee.com/thread/32269
Before you use Getsusp, you should go to this document
and download the PDF file explaining what Getsusp is and how it works, and this document
which downloads the installation guide PDF document. Ensure you note what it finds re suspicious and unknown programs and add your email address to the preferences.
If you want a second opinion, or to be on the safe side, then you can do a scan with the free versions of these tools:
If you already have Malwarebytes installed, the virus could be protecting itself against it. In that case, in order to get Malwarebytes running you'll need to rename the executable. Open the C:\Program Files\Malwarebytes Antimalware folder, then rename the "mbam.exe" file and double-click directly on the file to open the program. After updating the program, run a full system scan using Malwarebytes.
Make sure both programs are updated to the latest versions before running them and let them clean anything they find. If they quarantine a file or fail to remove a file, try to get a copy of it and send it to McAfee using the virus submission path described here:
Send the file to McAfee Labs at http://vil.nai.com/vil/submit-sample.aspx
Message was edited by: Peacekeeper on 9/04/11 8:19:11 PM
Malicious files allowed to run on your system can delete and/or uninstall your antivirus; you don't need a hacker to do it.
As to add/remove, I have the same thing on my system - pay no attention to it.
Leave the two McAfee folders installed, this is quite normal.
As to Generic Host Process for Win32 Services, leave that alone as well, it is required by certain programmes/processes - without it you may not be able to connect to the internet. Also never try and delete something unless you know what it is.
I doubt very much your friend installed malware onto your system.
If you bought an iPhone then I would expect to see an iPhone folder on your system, again nothing malicious there.
Thanks for the information, guys. I appreciate the time taken to reply to me.
I admit, I am not a technical-minded kind of guy. Most of it goes way over my head.
I'm going to try some of the suggestions you have given me.
I'm still concerned about the "iPhone" system file since it doesn't allow me to do anything with it except view it. I can't find it anywhere in my hard drive to find its properties, or when it was installed, or any other information concerning it, and my phone isn't an iPhone, but a Cricket Android. Could someone have connected their iPhone to my laptop at one time and left this as a way to view my laptop via Bluetooth, Wi-Fi, or any other wireless connection?
Another thing I discovered was that the program I use to burn music and movies saved the file of a movie I've never heard of, or have in my collection. It showed that I burned it
My desktop was changed a few weeks ago by someone other than myself and it shows it as extended. It's grayed out, not allowing me to change that.