cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
agmkhl
Level 7
Report Inappropriate Content
Message 1 of 2

Mcafee Tampered with articles

I am cleaning up a Windows 10 system where I found McAfee not present in Programs and Features but must have been installed and perhaps improperly uninstalled in the past.  I saw this when I ran autoruns and could see multiple components still set to run at startup and running now as Windows services.  Same with Task Manager or procexp.exe.  In autoruns, running as Administrator, I was unable to uncheck (disable) these services. 

Next I download mcpr and it stalled after the progress bar hit around 20%.  Process explorer showed it was stuck:  no advancement in total cpu time for 10 minutes.  I noted these processes all were properly signed (digital certificates) from the procexp.exe and autoruns points of view. 

I don't trust these mcafee services still running and must remove them and am sure I will be able to do so (many options such as Safe Mode, remove disk and delete folders the live in, etc.).  But it begs the question: (1) is this normal for McAfee and MCPR?  In the past, having helped perhaps 500 customers in a few years, I was always able to remove McAfee in those situations meriting it.   Since it it is so popular, if I were a bad actor I would try to tamper with it in some way so it both looks digitally signed (in procexp.exe and autoruns) and becomes difficult to remove even with mcpr.exe (in non-safe mode). 

My real question is *not* how to remove it or what could be affecting this (for example, file or registry permission issues) but generally speaking are there know cases (articles) discussing how it was tampered with and made to be difficult for even mcpr to remove.  Or is mcpr just riddled with issues preventing it from perfectly uninstalling and cleaning up?  Deep down, I believe each antivirus is more or less tamperable and each company has more or less implemented some anti-tampering features.  So, please link me to good articles showing it has been and can be tampered with so that mcpr gets stuck in non-safe mode.  This is all Windows 10 v1903 .

1 Reply

Re: Mcafee Tampered with articles

You might need to run third party tools to clean up those traces.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community