Tonytoolman
Level 7

My computers were recently blocked by a virus that McAfee did not recognize.

The virus was called Securities Tool and I had to purchase their Antivirus software before I could use the computer again.

Are you familiar with this product?

0 Kudos
4 Replies
Hayton
Level 17

Re: My computers were recently blocked by a virus that McAfee did not recognize.

Maybe. Does it look anything like the product shown in this link?

http://www.bleepingcomputer.com/virus-removal/remove-security-tool

0 Kudos
exbrit
Level 21

Re: My computers were recently blocked by a virus that McAfee did not recognize.

Moved provisionally to Malware Discussion > Home User Assistance.

0 Kudos
Tonytoolman
Level 7

Re: My computers were recently blocked by a virus that McAfee did not recognize.

Thanks for your notes.

I really do not wish to open any new antivirus programs till I hear from McAfee.

0 Kudos
Hayton
Level 17

Re: My computers were recently blocked by a virus that McAfee did not recognize.

Please read these short descriptions of rogue programs before you decide what to do :

http://www.bleepingcomputer.com/virus-removal/rogue-programs

http://service.mcafee.com/FAQDocument.aspx?id=TS100767

and also this document, which contains some of the advice set out below

https://community.mcafee.com/docs/DOC-1294

"Securities Tool" is not one of the (very many) known rogue programs.

"Security Tool" is. It is scareware. It will try to persuade you to buy a useless and possibly harmful program. If you click on a scareware window, and if you try to run the downloaded program that it tries to persuade you to buy, your PC could become infected with malware. Even if it does not, you've wasted your money on a fake program. McAfee and other AV programs may not detect these because they are not, strictly speaking, viruses; only if the program starts to download known malware will McAfee move to block it.

If the page I linked you to at bleepingcomputer.com shows you a picture of a program that looks the same as the one you've bought, then you've been sold a (potentially dangerous) rogue program.

The information on the page whose link I provided will help you to remove it.

Alternatively, you could do the following :

Update your dat files and scan your PC with Virusscan in Safe Mode.

To do this, tap F8 repeatedly while booting up. You'll get a boot screen with choices. Pick Safe Mode. Your PC will boot in a low resolution state as most processes won't be running. Go to "My Computer" (XP) or "Computer" (Vista), right-click the hard drive and select "Scan" from the drop-down menu. You'll see an extra taskbar icon which will show a progress report if you hover over it.

If you think you have a virus infection on your PC do one or both of the following :

- Run the free McAfee Stinger program from http://vil.nai.com/vil/stinger/ -

  set it to Report Mode (in Preferences) and post the logs of anything it detects.

- Join the McAfee Getsusp group at https://community.mcafee.com/groups/getsusp30-beta-feedback

  You will have to ask there for Getsusp, which is a Beta program and not yet on general release.

  Before you use Getsusp, you should go to this document

  https://community.mcafee.com/docs/DOC-1323

  and download the PDF file explaining what Getsusp is and how it works, and this document

  https://community.mcafee.com/docs/DOC-1761

  which downloads the installation guide PDF document.

If you want a second opinion, or to be on the safe side, then you can do a scan with the free versions of these tools :

Malwarebytes and SuperAntiSpyware

If you already have Malwarebytes installed, the virus could be protecting itself against it. In that case, in order to get Malwarebytes running you'll need to rename the executable. Open the C:\Program Files\Malwarebytes Antimalware folder, then rename the "mbam.exe" file and double-click directly on the file to open the program. After updating the program, run a full system scan using Malwarebytes.

Make sure both programs are updated to the latest versions before running them and let them clean anything they find. If they quarantine a file or fail to remove a file, try to get a copy of it and send it to McAfee using the virus submission path described here :

(The following has been copied from a post of Peacekeeper's, to whom I am grateful for saving me some typing).

Send the file to McAfee Labs at http://vil.nai.com/vil/submit-sample.aspx

Zip the file and password it with password infected.

You will probably get an autoreply back saying it is infected; reply asking for it to be manually tested.

Include in your first submission :-

Submission Information
Please provide the following information along with your sample. It will help us speed the sample review process:

  • A list of all files contained in the sample submission, including a brief description of where or how you found them
  • What symptoms cause you to suspect that the sample is malicious
  • Whether any security products find a virus (tell us the security vendor, its product name, the version number, and the virus name assigned to the sample)
  • Your McAfee product information (product name, engine, and DAT version)
  • Any system details that may be relevant (operating system, service packs, etc.)

You now have two answers to your question, one short and one long.

Pick whichever seems to you to offer the better path to cleaning your PC of this program, and let us know how you get on ...

Message was edited by: Hayton, fix a couple of typos, change formatting on 23/11/10 01:39:59 GMT
0 Kudos