cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Mcafee update problems.

For about a week now, I haven't been able to update or run McAfee, or get to Mcafee website. I am running Windows XP sp2. i have run the following programs in the past several days with different results.

MBAM:
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Super antispyware found 552 cookies

ESET:
C:\Documents and Settings\HP_Administrator\Local Settings\drtdoiq.eoc Win32/Delf.OHS trojan cleaned by deleting - quarantined
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\Acr676.tmp PDF/Exploit.Pidief.OJS.Gen trojan cleaned by deleting - quarantined
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temporary Internet Files\Content.IE5\ZQ6Y9LPH\flow[1].pdf PDF/Exploit.Pidief.OJS.Gen trojan cleaned by deleting - quarantined

MBAM again:
C:\Documents and Settings\HP_Administrator\Local Settings\drtdoiq.eocx (Trojan.Daonol) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\drtdoiq.eocxx (Trojan.Daonol) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Quarantined and deleted successfully.

SAS again:
Adware.SeekSuggest
C:\SYSTEM VOLUME INFORMATION\_RESTORE{106CF321-99A3-4E3A-9103-1BD027606A99}\RP25\A0008018.DLL

DR.web-cureit:
wrconsumerservice.exe;c:\program files\webroot\webrootsecurity;Probably DLOADER.Trojan;;

ComboFix.exe/data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe/data002;Program.PsExec.171;;

data002;C:\Documents and Settings\HP_Administrator\Desktop;Archive contains infected objects;;

ComboFix.exe;C:\Documents and Settings\HP_Administrator\Desktop;Container contains infected objects;;

ComboFix[1].exe/data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\UNS18Z0T\ComboFix[1].exe/data002;Program.PsExec.171;;

data002;C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\UNS18Z0T;Archive contains infected objects;;

ComboFix[1].exe;C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\UNS18Z0T;Container contains infected objects;;




I have SpySweeper which just update recently to include virus protection, which was still running until i ran DR.WEB-CUREIT. I was not able to get to the Registry Editor, But one of those several programs has now made it possible, but I'm clueless as to what to do from there. I need help PLEASE
Labels (1)
16 Replies
secured2k
Level 11
Report Inappropriate Content
Message 2 of 17

RE: Mcafee update problems.

One of your detections (Delf/OHA) might require the following steps. Please give this try. ONLY If you still have a problem, follow the RootRepeal steps below and post the resulting log.



RootRepeal

When you run the program, go to the Report Tab at the bottom. Then hit scan and select all items. You can save the report when done. If you have problems running this tool, please try in Safe mode.

Post the log results when done.

RE: Mcafee update problems.

Here is the log from RootRepeal. It was to long to post in this forum.


http://pastebin.com/m46ed6be1
secured2k
Level 11
Report Inappropriate Content
Message 4 of 17

RE: Mcafee update problems.

The log file shows signs of an MBR infection. This could be a false positive, but to be sure, please run rootrepeal again in Safe Mode. Also, please provide information about your 'J:" drive.

RE: Mcafee update problems.

Here is the log from the most recent ROOT REPEAL scan in safe mode. I couldn't scan all 3 drives in safe mode. When I tried, the computer rebooted itself. So this scan is just of drive C. Drive J is an external drive, My Book.

http://pastebin.com/m1f03e3e4
secured2k
Level 11
Report Inappropriate Content
Message 6 of 17

RE: Mcafee update problems.

Your scans appear to be clear!

RE: Mcafee update problems.

Unfortunately, I'm still not able to open the Mcafee Security Center. And I still am having a lot of problems with my browser. Any suggestions?
secured2k
Level 11
Report Inappropriate Content
Message 8 of 17

RE: Mcafee update problems.

To cover all the basics, I need to know what you found when doing the instructions before RootRepeal (The Autoruns Quote).

RE: Mcafee update problems.

Ok, I'm unable to copy and paste the results from AutoRuns, and there doesn't seem to be any log. But the one entry that I unchecked in the "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 " was titled "aux2" and the image path says

"File not Found: C\DOCUME~1\HP_ADM~\LOCALS~1\Temp\..\drtdoiq.eoc.

I don't know if there's a way to get to the log to copy the results because the Help menu won't open. Does this help?

RE: Mcafee update problems.

You may email me your autoruns log and I will check to see if there is anything else suspicious in there.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community