cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Re: If you have Fake AV Software showing up on your system, read this

Ok so I will run it right now in the other mode and post the results.

Do I still turn on system restore off?

Re: If you have Fake AV Software showing up on your system, read this

No, you don't have to do it for this run. If the results look plausible and you decide to run with repair turned on, then disable system restore before the second, repairing run of the Stinger.

Message was edited by: imikhlin on 04/03/10 17:17:22 GMT

Re: If you have Fake AV Software showing up on your system, read this

figured out how to post log. in next post

Message was edited by: sunny10 on 3/4/10 1:03:11 PM CST

Re: If you have Fake AV Software showing up on your system, read this

I've moved your log into Artemis discussions,

http://community.mcafee.com/message/117720#117720

Let's see what Artemis experts say.

Irene

Re: If you have Fake AV Software showing up on your system, read this

I got infected yesterday, but there was no AV.exe process in the task manager.  I have a fully updated Ad-aware running for continous protection, but it offered no protection.   McAfee removed one file during the on-acces-scanner activation, but the annoying non-harmful infection continued by telling me that my windows firewall was down, and that my pc was being infected.  I wen to the control panel security center and confirmed that this bug has taken over my ability to check the security setting and replaced them with the usual "click here to purchase our protection software."

I tried mbam, which I have been using for a year already, and it would not run.  The latest version of the bug blocks running or installing a fresh copy of mbam.

So, I changed the name of the mbam application in its directory, and it still wouldn't run.

Then I right clicked on the mbam application and chose option "start"

after the third try of "start", to my suprise, mbam ran, and on a smart-scan, it found the bug, and offered a cleanup / reboot sequence.

After agreeing to the removal / reboot,  mbam successfully cleaned the bug, so I ran a full-scan mbam immediately which found nothing.

i will run the stinger tonight to see if it finds anything additionally.

the short story is mbam is the way to go, but only if you can get it running!

Re: If you have Fake AV Software showing up on your system, read this

For years, I have been use to almost no infections of any kind, excepting the occasional tracking cookies that ad-aware / spy-bot / mbam find during weekly scans.

this changed two days ago - I cleaned out the Fake AV with mbam.  Yesterday, I ran the mcafee stinger, and it found nothing.

my scheduled mcafee update is at 2am, with a scheduled fullscan at 3am every night, with nothing found.

here is what the on-access scanner found last night some time before the 3am scan

3/5/2010    12:34:17 AM    Deleted     THE-NEW-LAPTOP\Default    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP830\A0137628.exe    Generic FakeAlert!em (Trojan)

for the record, my mbam was not deleted, but  i did a precautionary uninstall/reg clean/re-install for malwarebytes anyways.

is this A0137628.exe a new variant on the Fake AV? 

are virus creators changing the virus daily, and if so are mcafee updates a couple of days behind the changes, always playing catch up?  and if so, is a reasonable solution for the AV bug to just turn off the pc for a few days, then turn it on, update mcafee manually, and do an on-demand scan?

also, any ideas on why only one laptop in a house of three got infected behind a mac-filtered 2wire pass coded router?

jimb
Level 7
Report Inappropriate Content
Message 97 of 98

Re: If you have Fake AV Software showing up on your system, read this

Mcaffe scan found av.exe which was not the problem,and Microsoft scan after did not find any problems. I ran the fake av stinger in read-only mode without success.  It identified 36 trojans, all save one, looked like false positives.  One, however, pointed to a suspect file that I had been trying to find earlier:  C:\documents and settings\userid\local settings\application data\MSASCui.exe.  This file was a hidden system file. This was the program running the fake av alert pop up.  I searched for further info on the internet found the following fix (i have copied and pasted my posting regarding its results):

One Feb. 26, Jackie posted the fix that worked for me:
“I had a slightly different version of the virus which did not use  AV.EXE. Instead it created a hidden file in >Docs and  Settings>username>application data called MSASCUI.EXE (which is  the correct name for the real windows defender executable, I think).
The registry hack that it made (changing exefile to secfile, and  pointing secfile at its own infected msascui.exe) meant that when you  tried to run any executable it instead ran the MSASCUI.EXE.”


After deleting the msascui.exe file in the user local  settings/program data, I ran regedit, searched for secfile, and changed  it to exefile.  Only one occurance found of secfile, so that was easy!   All my programs work, AND NO VIRUS!

This info was found on the Virus Removal Guru website, which, according to Firefox/Web Of Trust add-on is not a trustworthy site.  However the fix to the registry shown above fixed the problem of not being able to run any programs after the virus file was deleted.  Hope this helps.

Message was edited by: jimb on 3/10/10 3:34:41 PM CST
SamSwift
Level 12
Report Inappropriate Content
Message 98 of 98

Re: If you have Fake AV Software showing up on your system, read this

I'm locking this thread and starting a new one as we have a new release available, and moving forwards we will be releasing them on a much more regular basis.

Sam

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community