Mcafee virus scan found several viruses on my computer a few days ago. Some it was able to fix, others not. I ran the scan again in safemode and followed the Stinger instructions. That got some more. However, when I ran a scan again today it said there were two viruses, both Desktop.ini that it can't fix. Also, my computer starts out with firwall on, however several minutes after being turned on, the firewall turns off and I can't get it back on. Could anyone help me in fixing this? I am not techie at all so will need fairly detailed instructions. I tried calling McAfee but they want to charge me, so I thought I'd try this myself. If it makes any difference, its an ASUS computer, Windows 7, service pack1.
Reboot that maybe necessary to clean the files
Also try booting into safe mode and right click the shiled and choose scan. That might pickup same more.
that done try some of the other scanners here
With getsusp make sure you add your email to the preferences so Mcafee can fillow up anything foundMessage was edited by: Peacekeeper on 16/08/12 8:06:04 PM
desktop.ini is normally a hidden System file and valid. Are you sure they are dangerous? Have you got System files and folders enabled in Windows Explorer Tools > Folder Options > View?
My XP McAfee reports a C:\Windows\Assemblies\GAC\Desktop.ini, but it is not there. I even rebooted in safe mode, opened a command prompt, and navigated to that directory. And I am obviously infected, since my desktop keeps rearranging itself.
What name is it giving to the detection? Try running McAfee in Safe Mode by rebooting and tapping F8 repeatedly while booting up and then simply right-click the taskbar icon and select Run a Scan. All you'll see will be activity in the icon, hover over it for a report of progress.
Run Stinger and Malwarebytes Free both listed in the last link in my signature below.
The file may be a hidden file. Did you try searching for it from the command line using "dir /ah d*"?
Finding that file in that location is not good news. It's an indicator that you may have been infected with the ZeroAccess rootkit. You can try some of the general-purpose removal tools that we recommend here, but it's a stubborn piece of malware and difficult to remove without specialist help. You may need to go to a forum like BleepingComputer - http://www.bleepingcomputer.com/forums/forum79.html
First though try the easy self-help steps.
- Obviously, a full scan with McAfee using the latest DAT, which is now 6812.
- Follow this with the Stinger tool, from http://www.mcafee.com/us/downloads/free-tools/stinger.aspx
Stinger will deal with many, but not all, of the reported ZeroAccess variants. If it doesn't remove a reported ZeroAccess infection run the Rootkit Removal Tool -
- Then run Malwarebytes free version
If, at the end of all this, you still have a rootkit infection, don't be surprised. They're designed to be invisible, and to attack and disable any attempts to remove them. That's when you would need to ask for help on BleepingComputer.
Look for "desktop.ini" also in the following locations :
See the thread about a similar problem at
HitmanPro does a good job of detecting ZeroAccess and is recommended by other posters but the free version will only detect it, not remove. Nevertheless, anything that helps you find out if ZeroAccess is actually present (like I said, it's good at hiding itself) is a valuable tool and so worth recommending.
Thanks for the help. I think one of the McAfee updates must have gotten it because I've run the scan and Stinger several times and it now comes back with no viruses detected. However, it still won't let me turn on the fire wall. Does this mean I still have a virus that isn't being detected or is there another issue going on? My computer so far is behaving normally. Any hints on how to turn on the firewall and get it to stay on? I click on firewall, go to settings and it gives me the option of turning on the firewall. But when I click "Turn On" it immediately turns itself off. So far I haven't done anything with Hitman Pro or Malwarebyte or anything else. I just haven't had much time to work with this. Thanks again,