I'm conducting scans with RogueKiller on some infected machines here that all had McAfee Internet Security, and all of a sudden I see a red flag "ZeroAccess Activity Detected" File: "MCShield.exe"
Could anyone explain to me why exactly this software includes a rootkit?
I've removed the software completely, and sorry guys, replaced it HAPPILY with Norton.
McAfee software contains an anti-rootkit component. Did it not occur to you that Roguekiller may be incorrectly diagnosing the files?
That would of course be a subject for their support forums.
I'm unaware of where the correct area to post this would be, I found the whole posting thing more unclear than the intentions of the software...
I'm not certain if it was an incorrect diagnosis or not, but I did find out in some searches that multiple people are having the same problem as this one user had on their machine.
I installed free McAfee on a few other computers at the shop here and ran the same scans:
all 4 of the machines detected MCShield.exe as a rootkit in Roguekiller
1 out of 4 detected ZeroAccess Rootkit Activity in a scan with RKill
All 4 of the systems were brand new and had not previously been connected to the internet until the installation of the McAfee software..........
Did you read what the developers of RogueKiller said about their program and false positives?
Also have you bothered to look on the RogueKiller forums and read the FAQ and Known Issues?
3- ZeroAccess/Whatever found in Antivirus process
This is a false detection, due to database loaded in clear in the antivirus process. Please open a new thread on the forum and DUMP the process memory with process explorer to confirm and whitelist.
Tigzy, June 10 2014 :
It looks like McAfee exposes its database in clear in memory.
So it's detected as ZeroAccess.
I'll try to find a way to avoid this detection. Thanks
Appreciate the answers guys, I haven't looked at them since they were in french as far as I could tell. Thank you though, it was simple curiosity that led me to ask. I've never encountered that before today, it's always alarming when you see ZeroAccess.
Alarming indeed and sorry you had trouble navigating these forums. They were recently "upgraded" and are bamboozling everyone, including us Moderators.
Maybe you should think again about using RogueKiller. I would have thought things like that would only be necessary if all else failed in a severely infected machine for instance.
We never recommend tools like that unless under the supervision of the forums that specialize in analysing Hijackthis logs, like BleepingComputer, Malwarebytes etc.
I am a member of Bleepingcomputer forums, going through their malware training at the moment. I am also a computer technician by trade, thank you though.
The dark side.............. You actually like McAfee products..? Like for real, this isn't just a huge joke like I've always thought?
OPERATION TOVAR comes to mind.....?