What level should we be scanning at in the stinger? Should I be doing it at high or very high sensitivity level, or leaving it at the settings that I open it up at? I scanned last night (I'm in Australia) before I saw your post and came back with nothing. Will try again this morning in Safe Mode with networking...
The GetSusp did come up with the following yesterday -
Suspicious Files: both of which are apps on my desktop from weatherzone.com that I have had for ages
| Status | MD5 | Location | File Name | Attribute | Company | Description | Product Version | File Version | File Size | Creation Date | Modification Date | Type | Scan Error |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| UNKNOWN | 2e9d51750e7748c78e58e95594ffb3b5 | C:\Program Files (x86)\Pollen Tracker | pollen_tracker.exe | A | | | | | 2,358,766 | 05/09/2011 17:46 | 12/04/2008 15:42 | Process | |
| UNKNOWN | 4048115ca3cdd87b59bf2eabc2b52204 | C:\Program Files (x86)\Weatherzone Tracker | weather_tracker.exe | A | | | | | 2,888,403 | 11/04/2010 17:22 | 07/17/2009 15:53 | Process | |
Unknown files: which all look like they should be fine to me too... (My laptop is an MSI)
| Status | MD5 | Location | File Name | Attribute | Company | Description | Product Version | File Version | File Size | Creation Date | Modification Date | Type |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| UNKNOWN | 21ef01cbd2e5d126d51ef8ffdbb98390 | C:\Program Files (x86)\Mozilla Firefox\plugins | npqtplugin4.dll | A | Apple Inc. | The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the <A HREF=http://www.apple.com/quicktime/>QuickTime</A> Web site. | QuickTime 7.7 (1680.34) | 7.7 (1680.34) | 159,744 | 08/30/2011 07:28 | 08/30/2011 07:28 | Module |
| UNKNOWN | ee0c363f957ad7d9fdd42506a98a770a | C:\Program Files (x86)\System Control Manager | MGKBHook.dll | A | Micro-Star International Co., Ltd. | MGKBHook | 1.2009.0710.01 | 1.2009.0710.01 | 7,680 | 07/02/2010 02:26 | 07/18/2009 06:46 | Module |
| UNKNOWN | 5e9b6779f4ae3a472a668c01832ceee2 | C:\Program Files (x86)\System Control Manager | MGSysCtrl.exe | A | Micro-Star International Co., Ltd. | | 2.209.1127.006 | 2.209.1127.006 | 2,408,448 | 07/02/2010 02:26 | 02/06/2010 07:39 | Process |
| UNKNOWN | 71c6748ee8de938532057ef10b4b7e44 | C:\Program Files (x86)\System Control Manager | MSIService.exe | A | Micro-Star International Co., Ltd. | MSI SCM Service | 1, 0, 10, 0 | 1, 0, 10, 0 | 160,768 | 07/02/2010 02:26 | 07/10/2009 08:54 | Process |
| UNKNOWN | 65d88ca8bfb1c3af62a319a405d3eb1f | C:\Program Files (x86)\System Control Manager | MSIWmiAcpi.dll | A | Micro-Star International Co., Ltd. | MSIWmiAcpi Dynamic Link Library | 1, 0, 10, 0 | 1, 0, 10, 0 | 217,600 | 07/02/2010 02:26 | 07/10/2009 08:48 | Module |
| UNKNOWN | 19dd4282d7cddaea9711b388a2f6fcd7 | C:\Windows\SysWOW64 | nbirv4svr.exe | A | Neowiz Bugs Corporation. | NBIR4Svr Module | 1, 0, 9, 422 | 1, 0, 9, 422 | 159,744 | 05/15/2009 11:20 | 05/15/2009 11:20 | Windows-Firewall |
Ok this is getting out of control now. I ran both stingers for many hours today and neither found anything. I did this in safe mode. When I went back to normal windows the "Open Cloud" window came up. I tried to kill it to no avail. I went to task manager and saw it spawning bogus process after bogus process. Now I'm pretty much stuck in safe mode. What can we do to get rid of this thing???? I need my machine and it's getting into a very bad state. I've now tried malwarebytes, GetSusp and both stingers and am getting nowhere. GetSusp had nothing in the log. Need HELP!
I had the same problem as everyone here. McAfee Technical Support does not help. They want you to pay for the service to have them clean the computer and fix the problem. Which in essence is paying for the product - which obviously doesn't work and to pay for the technical service to fix their own product!!
I have lost all confidence in this product and the company itself. I had a virus (Open Cloud) and I managed to remove the culprit. This is what I had to do to remove it.
Download: Malwarebytes and RKill
I ran both programs to get rid of the virus - WHICH McAfee should have taken care of. I usually used freeware a/v and never had a problem with them. I got a new laptop and decided to purchase McAfee for protection....that was a waste of money.
If you purchased McAfee - count your losses and move on to another a/v program that works. Check out the ratings on CNET Downloads. If you didn't purchase this worthless program....BRAVO!! Get out of here and go get some protection that WORKS!!
Oh and the uninstalling, reinstalling and all the other crap they expect you to do to fix the problem is a farce! It is not fixable and SHAME ON YOU MCAFEE!!! YOU KNOW THAT YOU HAVE A PROBLEM AND DON'T HAVE THE BALLS TO HELP YOUR CONSUMERS!!!
vinoo is now on this thread; he will help when he starts back at work. He knows of this issue and will handle this asap. There is a dat 6489 later on today / tomorrow which should help.
Message was edited by: Peacekeeper on 4/10/11 3:31:12 PM
Well my frustration is at a peak. I'm stuck in safe mode now given that this OpenCloud crap spawns about a couple thousand bogus tasks when I try to run in normal mode. Yesterday my problem was just with the firewall staying off but today after running these stingers I can't even use my laptop. For grins I ran McAfee's VirusScan in safe mode and it believed after a couple hours it had found more than a couple thousand infected files. As soon as I went back to normal mode the same OpenCloud junk came up and pretty much locked me out again. From the log I saw that McAfee thought it had found about a half dozen variants of Artemis. Unfortunately I no longer have malwarebytes to even try. Can't install it from safe mode and can't get into normal mode. I have to agree that my faith in McAfee is dropping off by the minute ...
Please download the tool listed here-
Extract the .exe file.
Once you have that tool saved to the computer that is affected (you may download it on a good PC and transfer it to the bad one via a thumb drive), or log in to safe mode with networking on the bad PC and download it and save it.
Now boot the computer into normal mode and execute the .exe file on the machine and reboot as instructed.
Repeat the Run process two or three times and report the status.
Note: if you encounter any Fake alert or open cloud type infection blocking access, just click allow unprotected and proceed. Reply back if you still need assistance.
Safe mode is hosed up for me now on the infected laptop. I downloaded from the link on a different laptop then copied the rootkit remover from a flash drive to the infected laptop running in normal mode. Tried executing and it came back with "64-bit OS not supported yet"
We've logged the 64-bit issue with Engineering and will report back. This threat is a real pig to clean up (understatement of the Year) especially when it's tied in with multiple infections. There is a threat advisory posted already to the Top Threat community space - we will keep updating it as new information becomes available.
I have gotten rid of the virus without the help of McAfee. Thank you very much. Excuse my sarcasm but when you take your hard earned money to purchase a product that is supposed to protect you - or at least the company to stand behind their product - one loses faith when they (me) have to go to other companies to clean up what McAfee couldn't fix.
In order to gain good faith with me - the problem of the firewall not staying up is still an issue. I have read in this thread that others are having the same issue. At least come forth and produce some type of resolution to this issue. If not for me (who is a McAfee consumer) - then for everyone else who is having an issue with the product. This is bad business and not a good sign of Customer Service.
Now, since I am having the issue with the firewall (which I assume is stemming from the virus) I can only assume that there may be a chance that some part of the virus is still attached in some way. If there is any info that you need from me to combat this please let me know. Like I said in the beginning of this statement...I got rid of the virus - using the methods I stated in an earlier thread - I only have the issue of the firewall left.
I will be following this thread.