My McAfee Security Centre has gone all haywire. I noticed an issue with Internet Explorer where when I click on any search result....instead of taking me to the page I want to go to, I end up on some landing page either and advert or some other obscure search engine. I tried to run Virus Scan but it doesn't want to know. So I downloaded and ran the Virtual Technician and it showed Firewall off, Real Time Scan off, in fact everything disabled, even though Security Centre shows all green. I ran the analyser as well and tried to auto fix, but no joy.
Stinger downloaded and ran it, but it just stops working and won't run at all. Tried to run Malwarebytes as well, same result as Stinger, just bombs. I have found this running in the processes list 255720159:2283639911.exe
Any advice please? Thanks in advance.Message was edited by: delmeister on 24/09/11 10:02:14 CDT
What is your operating system, service pack and what version of Internet Explorer is installed (whether or not you use it)?
Try booting to 'Safe Mode with Networking" by tapping F8 repeatedly while booting up and then selecting it, usually number 2 on the ensuing menu.
That should give you safe mode with internet access.
Bring up Malwarebytes - which I hope is the free version as the paid one can clash with McAfee - and update it.
Then run it in that mode, it works fine in that mode so you ahouldn't have any problems. See if it removes anything.
If not then I suggest trying some of the McAfee tools listed here: https://community.mcafee.com/docs/DOC-2168
There are two types of Stinger and another tool that allows you to upload a suspected file to McAfee, called Get Susp.
Thanks so much. I did as suggested, and also loaded SuperAntiSpyware and SpywareBlaster in Safe Mode. Stinger, Super and Malware all crash when trying to scan....in Stinger it crashes at svchost.exe in System32 folder. I uninstalled IE9 and now use IE8. With SpywareBlaster working in Safe Mode IE is not hijacked anymore, but of course I still can't clean anything. Here is the log from Virtual Technician:
|Operating System||:||Microsoft Windows 7 Home Premium EditionHome Edition (Build 7601)|
|Service Pack||:||Service Pack 1.0|
|Internet Explorer Version||:||8.0|
|Internet Explorer Language||:||en-gb|
|System Drive Type||:||NTFS|
|Physical Memory Available||:||2097151|
|Physical Memory Total||:||2097151|
|Virtual Memory Available||:||5802284|
|Virtual Memory Total||:||6279236|
|System Architecture||:||x86 Family 6 Model 23 Stepping 6Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz|
|Date Time||:||09/24/2011 17:59:39|
|Time Zone||:||GMT -00:00|
Superantispyware doesn't work in Safe Mode and I don't believe Spywareblaqster does either, but as the latter is only a passive protection anyway I can't guarantee that, just keep it updated that's all. Stinger may fail in Safe Mode but you can run Malwarebytes free version, I know because I use it myself. If it's crashing then something much more serious is going on. You could try uninstalling Malwarebytes and reinstalling it from here: http://www.malwarebytes.org/products/malwarebytes_free and do that in Safe Mode with Networking.
I strongly recommend that you upgrade IE once again to IE9 as it is much safer than IE8 and in fact has been labelled as possibly the safest browser around at the present time.
Your McAfee software appears to be last year's version, which could be the case if you obtain it from a 3rd party, your ISP or your coimputer maker for instance, is that the case?
This may not be an infection. This sort of thing can also happen with the use of Registry Cleaners.
Just a thought : that process (255720159:2283639911.exe), is it still there? Process Explorer might be useful for finding out what it is and where it's come from.
Hi Hayton, yes 255720159:2283639911.exe still shows. It won't allow me to end the process, nor look at properties...just can't seem to do anything with it. Think I will uninstall McAfee and see if a reinstall works. Tried Malwarebytes again, uninstalled and reinstalled, it updates okay, but when I try and scan it crashes about 30 seconds in.
Download Process Explorer from SysInternals. It gives a lot more information than Task Manager. If you want to see where this process comes from, AutoRuns (also from SysInternals) will probably show it. You may have something unwelcome on your system, and these two utilities should help you identify it.
Edit - If you can't get anything else to work, try the Windows Live Safety Scanner - download from HERE. It's a big download, so be patient. Once you have it it's good for about 10 days, then it expires.
Message was edited by: Hayton on 24/09/11 20:45:35 IST
The Microsoft Safety Scanner is a free downloadable security tool that provides on-demand scanning and helps remove viruses, spyware, and other malicious software. It works with your existing antivirus software.
Note: The Microsoft Safety Scanner expires 10 days after being downloaded. To rerun a scan with the latest anti-malware definitions, download and run the Microsoft Safety Scanner again.
The Microsoft Safety Scanner is not a replacement for using an antivirus software program that provides ongoing protection.
Can you update Malware bytes? Some of these as well as disabling AV and Anti malware products recognise where they are installed and their exe files. What may work is download Malwarebytes and stinger onto a usb stick on another PC and rename the setup files. Install them on the PC in trouble and rename the folder it wants to install it into and also rename the main exe file. Run Mwb and stinger and see it that works.
If no chop have you considered restoring back to a time before you had this issue sometimes , not always , this helps.
Right, have done the following:
Process Explorer, AutoRuns and Windlows Live Scanner all installed okay, but all crash when you try and run them. This is the same issue I had with MWBytes and others, including McAfee, whether its scan or update. No spyware/virus software works, they all crash when you run them, and after that if you try and run hem again you get an erroe message saying you don't have admin rights. Can't uninstall either. Basically, this is a nasty little bug that is controlling my apps. Also tried a system restore but it only goes back to 8 Sep (which I guess is when the bug hit) and it won't do a restore anyway. I am going to try the USB stick method suggested by Peacekeeper, I will be able to run Stinger off a USB so hopefully that works. Will try the installs with renamed files/directories as well and see if that works. Never been beaten by a virus before so hope I can resolve this issue.