cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Opie
Level 7
Report Inappropriate Content
Message 1 of 115

Antivirus Action infection

My computer has been infected with a program called Antivirus Action which seems to be a lot like "Security Suite" and "Fake Alert".  I managed to get control back of my internet but I don't know how to get rid of the virus.  I did a full scan for Viruses and McAfee didn't find anything.  So I took the advice of Vinoo Thomas and ran "GetSusp".  So can someone help me get rid of this virus or is there a cleaner program that I can use.

Thanks,

Aaron

114 Replies
vinoo
Level 13
Report Inappropriate Content
Message 2 of 115

Re: Antivirus Action infection

Thanks for the posting the GetSusp logs. The culprit is:

C:\Users\Aaron\AppData\Local\Temp\icijtlhss\fwudqacyhsn.exe
md5: 6638b3e8e264647748835768332b3729

Try to boot to safe mode and delete this file.

GarryK
Level 7
Report Inappropriate Content
Message 3 of 115

Re: Antivirus Action infection

Vinoo - for the un-initiated this is not of great help..

I too have the virus above - but in replacing "aaron" with my name - I could not find the file..

What is McAfee doing to update the virus protection to eliminate this issue??

Disappointing too that there is NO WAY to access a Customer Service or Technical agent for Ireland - yet we pay the same fee as the rest of Europe..

vinoo
Level 13
Report Inappropriate Content
Message 4 of 115

Re: Antivirus Action infection

@Garry: The folder name under Temp is random. That could be why you could not find the file. Could you run GetSusp on the affected machine and post the logs here please?  Download it from: https://community.mcafee.com/message/148081

I'll be able to then help you isolate the culprit.

@Aaron: Glad you were able to delete the malware file. The registry changes this Trojan makes are benign without the actual file itself. For example it creates a run key to execute everytime at system startup - without the executable, this key is harmless. Based on reviewing your GetSusp logs and if your system is behaving as normal - there shouldn't be anything to worry about.

godanicus
Level 7
Report Inappropriate Content
Message 5 of 115

Re: Antivirus Action infection

Hi Guys i just got infected too while running total protection, how did it slip by mcafee??

I was able to disable antivirus action on the process tree but it regenerated this morning.

Ran getsusp but what is it i am looking for ???

vinoo
Level 13
Report Inappropriate Content
Message 6 of 115

Re: Antivirus Action infection

@godanicus:

Please post the Gsusp.zip file that GetSusp created on your machine to this thread - i'll review and let you know if it identified the malware file.

godanicus
Level 7
Report Inappropriate Content
Message 7 of 115

Re: Antivirus Action infection

Hi, is this what your looking for?

vinoo
Level 13
Report Inappropriate Content
Message 8 of 115

Re: Antivirus Action infection

Thanks for posting the logs.

Reviewing them, it doesn't appear you're still infected. Are you still seeing any infection symptoms?

Re: Antivirus Action infection

Like the others I have aquired "Antivirus Action Infection".  I am running Internet Security 2010 with the most current updates.  I have downloaded GetSusp 3.0.0.81 and the application guide.  When I attemp to execute it I get a "Password Needed" screen.  Please advise me on how to proceed.

G33K
Level 7
Report Inappropriate Content
Message 10 of 115

Re: Antivirus Action infection

I insist on downloading Malware Bytes - Anti-Malware and updating that. I tried it and it seemed to find 2 infections related to Antivirus Action. I then removed these and it seemed to remove the program. Will update comment if anything returns.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community