I tried the above and no joy, I couldn't even see the service. I finally used a script to stop the service and merged with the registry. Issue gone. PC runs quite a bit faster. I don't know why I could not locate the service using built-in methods, but nonetheless the script worked and no more issues.
Thank you for your help. I wonder if McAfee is aware of this problem, if it is indeed one.
Again, Thank You All!
I don't think this is a McAfee file, and its presence in that location is suspicious.
Also, that filename crops up in a number of posts in other forums where users report they have a ZeroAccess rootkit infection. May be coincidence, but maybe not.
Download and run these two McAfee programs and see what they report. Don't forget to read the 'How to Use' instructions, links to which are on these webpages.
Rootkit Remover -
On the assumption that this is a sign of a malware infection I've moved the question to Security Awareness / Malware Discussion / Home User Assistance.
Ran both tools earlier. Neither detected any issues. I'm at a loss. I am running XP Home SP3.
Message was edited by: keekem on 7/18/13 8:43:05 PM CDT
Message was edited by: keekem on 7/18/13 8:44:02 PM CDT
I checked on XP and I don't have it. Still a suspicious file.
If you haven't deleted it yet, run GetSusp. If that program finds unknown files it sends them off for analysis.
In this situation I'd also run Malwarebytes Free to get a second opinion. Given that this is hiding in a strange location I'd opt for a full scan.
I ran GetSusp and MBAM. Several files in question in GetSusp but they checked out. However the mentioned service was not listed. Uploaded to McAfee. MBAM was clean.
A tad mind boggled.
Is it proper to just delete it without knowing? Will that cause a more complicated issue?
Message was edited by: keekem on 7/18/13 9:42:39 PM CDT
Message was edited by: keekem on 7/18/13 9:46:45 PM CDT
It turns out that MFE_RR is a service from McAfee Rootkit Remover. It installs to that location. What alarmed me was that in all searches this service was tied to user posts that were infected with the ZeroAccess trojan (mostly).
I am a tad surprised none of the McAfee folks chimed in on this.
The issue now is how to get rid of this service.
Message was edited by: keekem on 7/20/13 10:44:23 AM CDT
Message was edited by: keekem on 7/20/13 11:09:10 AM CDT
Well, if the .sys file is a leftover from Rootkit Remover that accounts for its presence in all those rootkit-removal threads.
Once you've run Rootkit Remover the file (and any service associated with it) is probably not needed any more.
Try deleting the file. If it's in use and you can't delete it, look for a running service associated with it and stop the service manually, then try again.
If you still can't delete the file there is a utility from Malwarebytes called FileAssassin which is said to be effective (I can't vouch for it because I haven't used it yet).
keekem wrote: I am a tad surprised none of the McAfee folks chimed in on this.
The McAfee people don't come down these mean streets very often. They prefer the rarified atmosphere of the Enterprise section - the starship zone to our near-space-shuttle park. That's how we can get away with sometimes being stroppy and insubordinate. Heaven forfend that the senior suits from McAfee or Intel should ever turn their attention to our little enclave.
We can always get their attention if it's important though.
Message was edited by: Hayton on 20/07/13 19:08:20 IST