I'm not sure where to put this, so I'll put this here.
Hi all^^, I've been a McAfee customer for many years, and I have a problem with a virus that McAfee's scans can't detect at the moment. I believe the process responsible is called Josaq.
It started when I recieved a compressed file from a torrent that I had been downloading. The original torrent was ( ). Inside that rar, there were 3 files. 1 was the movie, one was 'DVD cover' folder, and the last was 'screensaver' folder. I clicked on the DVD cover folder to see what was in it, and the folder dissapeared. The same happened with he screensaver folder. Then the problems began.
Every 2 minutes (precisely 120 seconds), the virus opens a windows explorer of My Computer, on my desktop, displaying the contents of my folders. It does not appear to do anything more sinister, but it is most disruptive, as I cannot run any full screen programs without the explorer popping up and interrupting me. My McAfee virus scanner and Security Center are up to date as of 22/01/10, and repeated scans failed to detect anything. At the very moment McAfee was telling me there were no viruses, more windows were popping up like weeds. I managed to delete the original folder where the virus came from, and the computer began complaining that 'josaq.scr' shortcut could not be found.
I sent an email to McAfee Customer Service, and here was there reply:
"Please understand that any security software, McAfee or non-McAfee, does not guarantee that all viruses or any form of security threat that becomes available online will be detected and treated. The reason for that is different security software providers receives different kinds of updates. Other security software providers may be the first to receive an update regarding a latest threat for the day, however, that does not mean that McAfee is not working at all or will not detect that in the future. This situation does not happen to McAfee alone. All security software providers experience this same issue. As much as we would like to offer you further assistance, we deeply regret that we, at Customer Service are not trained to handle Virus Removal concerns. Please follow this link to get live assistance in removing the virus or Trojan that may have infected your computer:
1. Select either of the two options under the Fee-Based Virus Removal: Virus Removal Chat or Virus Removal Phone
2. Choose a country from the drop-down menu list and click “Next”
3. Choose which Service Type you prefer and click “Next”
4. Please fill in the required details and click “Submit”
You may also make use of Free Scan options. While you may decide to use Phone Support and Chat Services at any time, we recommend that you try the Free Scan services first. Online services are usually the quickest path to problem resolution."
I was unable to obtain any advice from Customer Service, only a redirecion to the Virus Removal Service which costs 59.99 pounds.
Has anyone had any experience in dealing with these sorts of problems? Could anyone help me out please?
Oh yes, before I forget, here is the site where the original torrent came from (ie DO NOT attempt to open it if you don't know what you're doing):
Potentially dangerous link removed.Message was edited by: Ex_Brit on 23/01/10 7:36:34 EST AM
Moved to the correct area. No anti-virus on the market today offers 100% protection. You have to be very careful.
I haven't heard of this particular one but it might help to try the free versions ofr these two tools:
Update them before running and let them remove anything they find:
It seems to be getting worse now... in the McAfee Inbound Events logs, it showed that in 50 minutes, over 3000 computers at various addresses attempted to make an unsolicited connection via different ports to my computer. After upping all McAfee security options to the max, with the tightest alerts etc, I reconnected the computer, and still there are computers attempting to connect to mine. This never happened at all before this problem. Will renewing my computer from a restore point reverse this?
The virus appears to be using rundll32.exe to cause the multiple windows to open. Is there any software that I can use to track which programs are using rundll32.exe?
There is absolutely no need to panic when looking at Inbound Events. Those are really only there as an "FYI" because they represent failed attempts. Not all things there are harmful either.
I had one person panicking recently and it turned out it was his own router and network that was pinging him.
I suggest you download Hijackthis and post its log on one of the following forums for expert guidance:
Do not post the log here, we can't help!
Post the logs at a specialist Forum:
Be sure to read all the sticky announcements/instructions at the top of each malware forum!
The reason so many other computers are hitting your computer is that you are now part of the Torrent. The way Torrents works is that it allows for faster downloading by allowing other users of Torrent to download parts of the files from people who already have them. Since you pulled Ninja Assassin from Torrent, your system is now registered so others can get the file from you as well. So that over 3000 computers translates to over 3000 other people downloading Ninja Assassin from Torrent and getting directed to your system to pull some of the file. That's just the way Torrent works.
In regards to the other issue, are you still seeing the windows popping open?