McAfee Support Community - RE: Hi

jungle_jim · ‎07-01-2009

More than two weeks ago everyone in my Hotmail contact list received an email with a subject line containing the word "Hi". The content of the note is as follows:
Hey,
My dear friend, What's up?
I find a site to sell electronic products in very nice price. Laptop , Cellphone even Motorcycle are very popular. Their products are original quality with very low price as wholesale business supplier. They also can do retail business for end user now. Maybe it is suit for your business . If you like you can contact them : www.egoozone.com
E-mail:egoozone@188.com
Msn:egoozone@hotmail.com

V
________________________________________
I did not send the notes. I ran a full scan. Three Trojans were detected - two were quarantined and one was "unable to be removed". I contacted McAfee and was told to run two free scanners - Anti-Malware and SUPERAnti-SpyWare. I did so but they detected adware, no Trojans. I run weekly McAfee scans which find nothing. Security Center tells me I'm 100% protected. Yet, at least once each week, a dozen or more of my Hotmail contacts receives a Hi message. A Trojan is on my hard drive and McAfee cannot detect it. HELP!!!

secured2k · ‎07-01-2009

The first step is for you to change your password. Please do this only on a known CLEAN and trusted computer.

I then suggest you try the following two scanners in Safe Mode with Networking.

ESET Online Scanner
MalwareBytes

jungle_jim · ‎07-01-2009

I changed my password using a friend's laptop. I was able to download MalwareBytes, but did not yet run it. When I clicked on your hyperlink for ESET Online Scanner, a blank page appeared with a note in the Information Bar stating that IE prevented a download. I right-clicked and requested a download, but all I see now is a blank page. As for Safe Mode with Networking, is that a scanner option or is that a "restart my computer" option?

secured2k · ‎07-01-2009

Safe Mode with Networking is an Operating System feature which will prevent most programs and drivers from starting up and allows for repair of your system in many cases.

To get to the Safe Mode options, you need to restart the computer and start pressing the F8 key repeatedly at boot up until you see the Windows Advanced Options. You can then use your keyboard arrow keys to select the correct mode. If you see the Windows logo with the blue or green progress indicator, then you are too late in pressing F8 and need to try again.

The link doesn't work because of a browser security setting that has blocked the download. You may be able to download this file by opening a new browser window and entering the link directly into the address bar.
http://download.eset.com/special/eos/esetsmartinstaller_enu.exe

If you have a virus that blocks security sites, you can try the following:
http://home.comcast.net/~secured2k/tools/ESETSmartInstaller.exe

jungle_jim · ‎07-01-2009

Before restarting in safe mode with networking, I turned off McAfee to avoid conflicts with the scanner software. I ran ESET and it removed 11 infections, but I am unsure what the infections were. After ESET ended, I ran MalwareBytes. No infections were found. Unfortunately, I may not know if these scans solved my Trojan problem until next week. Anyway, thanks for your help and your advice.

secured2k · ‎07-06-2009

Whenever ESET finds an infection, it is immediately removed. Things that cannot be removed are scheduled to be deleted when the computer is restarted automatically.

jungle_jim · ‎07-06-2009

After running MalwareBytes and finding no infections, I googled "Trojan remover". One of the sites recommended a-squared. I downloaded a free copy (good for 30 days) and scanned my harddrive. When it finished, it identified one high-risk infection and quarantined it. Since my Trojan seems to wake up and send out emails on a Tuesday or Wednesday, I won't know until the end of the week if a-squared solved my Trojan problem. Why doesn't McAfee incorporate some of the same scanning techniques found in ESET and/or MalwareBytes and/or a-squared???

secured2k · ‎07-06-2009

The authors (coders) of each security program have different authors and not all of the researchers and coders are equal in their methods.

McAfee already had many of the methods these other scanners have. The main difference is the database of analyzed samples. If McAfee hasn't received a copy of the malware, they will not be able to easily detect it. Also, McAfee may not classify many things as a threat as they do not actually contain bad code while some of the other tools will detect a picture or registry entry as a part of the malware and remove it.

jungle_jim · ‎07-10-2009

The week has passed and no new "Hi" mail messages were distributed to members of my contact list. As I said earlier, my EMSI software (a-squared) found a high-risk virus and quarantined it. But, what also helped was your suggestion to change the password on my e-mail account. I really appreciate your feedback and your patience. I'm not sure what to do now to mark this posting as CLOSED.

secured2k · ‎07-10-2009

OK, Glad to hear everything's been working.

//Closed.

Hi

RE: Hi

RE: Hi

RE: Hi

RE: Hi

RE: Hi

a-squared

RE: a-squared

Closure

RE: Closure