cancel
Showing results for 
Search instead for 
Did you mean: 
lionfan
Level 7

Virus Attack????

11/7-8/11

While browsing I ran across an interesting site. In the process of loading the web site into my browse I was asked if I wanted to install a new version of Java. Thinking that my MacAfee Antivirus software would protect me from any threats I answered yes and I immediately received a threat warning from a program from Privacy Protection (PP) which immediately started identifying viruses that were loaded on the system. I attempted to run a quick scan using MacAfee, the scan completed successfully without identifying any virus threats. I continued to get messages from privacy protector informing me of increasing threats and asking me to activate (PP) to stop the threats. I had increased trouble running programs (internet explorer, word, MacAfee, solitaire, system configuration). I allowed PP to perform a full scan and it reported over 80 threats. I then ran a full scan using Macafee and it completed without reporting any threats. I then loaded windows in safe mode without any errors or threats reported. I loaded windows in safe mode with networking without problems and connected to the internet.

I then took a WAG (wild ass guess) and said to myself this is a program I loaded when I was asked  to upgrade Java (which it probably didn’t do). I checked the startup menu in system configuration and there were two programs which had installed themselves into the startup menu in the timeframe which was the same as the Java update

Program Info

                    named: yuf develop;

                    manufacturer was jet brains s.r.o

                    program location: (drive letter):\users\(username)\appdata\roaming\privacy.exe

                    registry key: hkcu\software\microsoft\windows\currentversion\run

                     named: SunJavaUpd

                     manufacturer: unknown

                     program location: (drive letter):\program files (386)\java\javaupdate

                     registry key: hklm\software\wow6432node\microsoft\currentversion\run

                    

                   

I then copied all references from the two programs and deleted them from the registry. This removed all references from the system, I still must research two questions as best I can:

                Why didn’t Macafee prevent this problem?

                Why did PP try to install itself on this system?

I am running ATT Internet Security Sutie by McAfee. Any asistance is appreciated.

Any input is appreciated.

0 Kudos