akingunday
Level 7

McAfee doesn't find and stop but Emsisoft and Kaspersky finds exactly!!!

There is a new online virus: when you go to some websites it freezes your screen and blocks your computer, and they want money to solve (remove) this virus.
You have to go to some places to buy a special paycard and write that code into the web page which appears only on your computer...

McAfee does nothing!!!

As an IT Expert I recommend my clients to buy McAfee, sometimes recommend to buy DELL Systems which come with McAfee...

Please find below the virus information which I created via EMSISOFT (emsisoft.de) and a picture of the virus!

Emsisoft Emergency Kit - Version 2.0
Last update: 18.07.2012 09:38:56

Scan settings:

Scan type: Deep Scan
Objects: Rootkits, Memory, Traces, C:\
Scan archives: On
ADS Scan: On

Scan start: 21.07.2012 22:08:56

C:\Users\Aras\AppData\Roaming\toolplugin\toolbar.dll  detected: Adware.Win32.Agent.AMN!E1
C:\Users\Aras\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\4595eca9-4c32c8ca -> cryptosuite.class  detected: Trojan-Downloader.Java.Agent!E2
C:\Users\Aras\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\50a0d64-319d62e6 -> a\Data.class  detected: Trojan.Java.Downloader!E2
C:\Users\Aras\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\77271c13-223269c2 -> t6a\t6b.class  detected: Exploit.Java.Blacole!E2
C:\Users\Aras\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\77271c13-223269c2 -> t6a\t6d.class  detected: Trojan-Downloader.Java.Agent!E2
C:\Users\Aras\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\77271c13-223269c2 -> t6a\t6c.class  detected: Exploit.Java.CVE-2012!E2
C:\Users\Aras\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\77271c13-223269c2 -> t6a\t6a.class  detected: Exploit.Java.Blacole!E2
C:\Users\Aras\AppData\Local\Temp\goempthnhvhggp.exe  detected: Trojan.Ransom.Win32.Foreign.AMN!E1
C:\Users\Aras\AppData\Local\Temp\kptufvtqtdyevqli.exe  detected: Trojan.Ransom.Win32.Foreign.AMN!E1
C:\Users\Aras\AppData\Local\Temp\npkglqqllbg.exe  detected: Trojan.Ransom.Win32.Foreign.AMN!E1
C:\Users\Aras\AppData\Local\Temp\rgnygtgcuex.exe  detected: Trojan.Ransom.Win32.Foreign.AMN!E1
C:\Users\Aras\AppData\Local\Temp\tmp1d9f8839.bat  detected: Virus.BAT.Deleter!E2
C:\Users\Aras\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U70104IF\index[1].htm  detected: Exploit.JS.Blacole!E2
C:\Users\Aras\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4A9IXF4T\index[1].htm  detected: Exploit.JS.Blacole!E2
C:\Users\Aras\AppData\Local\MediaGet2\libvlc.dll  detected: Riskware.Downloader.Win32.MediaGet.AMN!E1
C:\Users\Aras\AppData\Local\MediaGet2\mediaget-admin-proxy.exe  detected: Riskware.Downloader.Win32.MediaGet.AMN!E1

Scanned 617381
Found 16

Scan end: 21.07.2012 22:35:08
Scan time: 0:26:12

C:\Users\Aras\AppData\Local\MediaGet2\libvlc.dll Deleted Riskware.Downloader.Win32.MediaGet.AMN!E1
C:\Users\Aras\AppData\Local\MediaGet2\mediaget-admin-proxy.exe Deleted Riskware.Downloader.Win32.MediaGet.AMN!E1
C:\Users\Aras\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U70104IF\index[1].htm Deleted Exploit.JS.Blacole!E2
C:\Users\Aras\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4A9IXF4T\index[1].htm Deleted Exploit.JS.Blacole!E2
C:\Users\Aras\AppData\Local\Temp\tmp1d9f8839.bat Deleted Virus.BAT.Deleter!E2
C:\Users\Aras\AppData\Local\Temp\goempthnhvhggp.exe Deleted Trojan.Ransom.Win32.Foreign.AMN!E1
C:\Users\Aras\AppData\Local\Temp\kptufvtqtdyevqli.exe Deleted Trojan.Ransom.Win32.Foreign.AMN!E1
C:\Users\Aras\AppData\Local\Temp\npkglqqllbg.exe Deleted Trojan.Ransom.Win32.Foreign.AMN!E1
C:\Users\Aras\AppData\Local\Temp\rgnygtgcuex.exe Deleted Trojan.Ransom.Win32.Foreign.AMN!E1
C:\Users\Aras\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\77271c13-223269c2 -> t6a\t6c.class Deleted Exploit.Java.CVE-2012!E2
C:\Users\Aras\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\50a0d64-319d62e6 -> a\Data.class Deleted Trojan.Java.Downloader!E2
C:\Users\Aras\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\4595eca9-4c32c8ca -> cryptosuite.class Deleted Trojan-Downloader.Java.Agent!E2
C:\Users\Aras\AppData\Roaming\toolplugin\toolbar.dll Deleted Adware.Win32.Agent.AMN!E1

Deleted 13
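
A way to read the scan log above, as an added example (not part of the original post and not Emsisoft's code): it parses the `detected:` lines, counts detections against distinct files, and groups the files by stage. The stage buckets are an assumption based only on the detection-name strings; the eight sample lines are copied from the log.

```python
import re
from collections import defaultdict

# Eight "detected:" lines copied verbatim from the scan log in the post above.
LOG = r"""
C:\Users\Aras\AppData\Roaming\toolplugin\toolbar.dll  detected: Adware.Win32.Agent.AMN!E1
C:\Users\Aras\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\77271c13-223269c2 -> t6a\t6b.class  detected: Exploit.Java.Blacole!E2
C:\Users\Aras\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\77271c13-223269c2 -> t6a\t6d.class  detected: Trojan-Downloader.Java.Agent!E2
C:\Users\Aras\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\77271c13-223269c2 -> t6a\t6c.class  detected: Exploit.Java.CVE-2012!E2
C:\Users\Aras\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\77271c13-223269c2 -> t6a\t6a.class  detected: Exploit.Java.Blacole!E2
C:\Users\Aras\AppData\Local\Temp\goempthnhvhggp.exe  detected: Trojan.Ransom.Win32.Foreign.AMN!E1
C:\Users\Aras\AppData\Local\Temp\tmp1d9f8839.bat  detected: Virus.BAT.Deleter!E2
C:\Users\Aras\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U70104IF\index[1].htm  detected: Exploit.JS.Blacole!E2
"""

# "<file>[ -> <archive member>]  detected: <name>"; file paths may contain spaces.
LINE = re.compile(r"^(?P<file>.+?)(?: -> (?P<member>.+?))?\s+detected:\s+(?P<name>\S+)$")

def parse(log):
    """Return (file, archive_member_or_None, detection_name) for each log line."""
    hits = []
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            hits.append((m["file"], m["member"], m["name"]))
    return hits

def stage(name):
    """Heuristic bucket derived only from the detection-name text (assumption)."""
    if name.startswith(("Adware.", "Riskware.")):
        return "unwanted"
    if name.startswith("Exploit."):
        return "exploit"
    if "Downloader" in name:
        return "downloader"
    if ".Ransom." in name:
        return "payload"
    return "other"

def summarize(log):
    """Count detections versus distinct files and group the files by stage."""
    hits = parse(log)
    by_stage = defaultdict(set)
    for file, _member, name in hits:
        by_stage[stage(name)].add(file)
    return {"detections": len(hits),
            "files": len({file for file, _, _ in hits}),
            "by_stage": {k: sorted(v) for k, v in by_stage.items()}}

if __name__ == "__main__":
    print(summarize(LOG))
```

Run over all 16 `detected:` lines of the posted log, the same count gives 13 distinct files, which matches the "Deleted 13" total: four of the detections are classes inside one Java cache archive.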

exbrit
Level 21

Re: McAfee doesn't find and stop but Emsisoft and Kaspersky finds exactly!!!

It's mainly peer-to-peer support here so not sure if you'll get anyone from McAfee posting here or not.  As an IT professional I'm sure you know that antiviruses aren't 100% guaranteed and what one may catch another may not and vice versa depending on the occasion.

McAfee has Rootkit Remover and other tools available on their free tools page here: http://www.mcafee.com/us/downloads/free-tools/index.aspx and a summary of them plus other recommended 3rd party tools is linked in that last clickable link in my signature below.

They also have a free submission service for suspicious files here:  http://www.mcafee.com/us/mcafee-labs/resources/how-to-submit-sample.aspx so that they can possibly be included in the database.

Message was edited by: Ex_Brit on 22/07/12 9:37:54 EDT AM
akingunday
Level 7

Re: McAfee doesn't find and stop but Emsisoft and Kaspersky finds exactly!!!

Thank you for your kind and nice information!
It is really the First Time here!

exbrit
Level 21

Re: McAfee doesn't find and stop but Emsisoft and Kaspersky finds exactly!!!

You are welcome.  ;-)

exbrit
Level 21

Re: McAfee doesn't find and stop but Emsisoft and Kaspersky finds exactly!!!

By the way, I realised that I posted the wrong link to McAfee Free Tools in my post above, I have now corrected it, sorry about that.

akingunday
Level 7

Re: McAfee doesn't find and stop but Emsisoft and Kaspersky finds exactly!!!

VIRUS_B_b.jpg

exbrit
Level 21

Re: McAfee doesn't find and stop but Emsisoft and Kaspersky finds exactly!!!

I can't quite read that I'm afraid, apart from not speaking German.  What message are you trying to say?

akingunday
Level 7

Re: McAfee doesn't find and stop but Emsisoft and Kaspersky finds exactly!!!

(this is just for information for other victims)

It is designed like a Swiss Government IT Department warning (in France, French authorities, and in Germany, German authorities, with LOGO, etc.)
It warns you and says you were on some warez sites to download illegal content like music, film, porno, etc.

They block your computer
And they want you to buy a SafePayCard; when you buy that, then you have to enter that code (Card is approx. €100.-)

You can try everything, reboot, safe mode, etc., nothing happens, the message is still there
The only way: unplug the ethernet cable
Start with safe mode, then try Emsisoft Rescue CD
or
with Kaspersky Rescue10 Live CD

exbrit
Level 21

Re: McAfee doesn't find and stop but Emsisoft and Kaspersky finds exactly!!!

Ah I understand now. It's ransomware. None of the major antiviruses, while OK with the vast majority of infections, fare too well with these as they are constantly changing. As ransomware requires user intervention to activate, even dismissing it can activate it, the best approach is to immediately power off. Then boot into Safe Mode and initiate System Restore to an earlier time. If successful then turn off System Restore temporarily to rid yourself of the infected restore point.

akingunday
Level 7

Re: McAfee doesn't find and stop but Emsisoft and Kaspersky finds exactly!!!

Thank you very much for your responses
I did it like that: started in safe mode with the rescue stick, searched and cleaned.
It was OK, then normal mode to check it, but some missing DLLs message

Then, when I plugged in the ethernet cable, the first message appeared again as in its first infected stage...

Did the safe mode search again, took documents, etc. backup
System restore to first day!

Thank you again!
