I was working in Africa recently and one of the pen drives I was asked to download info’ to passed on the virus Rimecud!mem which was not caught by McAfee. Since then various unrequested websites have automatically opened on Firefox, usually they are talking about corporate finance but there is also a pretty nasty hardcore site and one that displays pointless symbols. Other issues have been the locking of the computer completely – black screen and no way to turn it off other than remove the battery and prevention of access to email addresses that have been used for years.
I attributed this to a virus and forced a scan by McAfee which this time (as opposed to the usual auto scans) found the virus called Rimecud!mem. When I looked it up I found that it was distributed by pen drives and opened web pages. This seemed to be the answer and McAfee says it removed it but I still have the problem of unwanted pages opening at random, - and believe me, if you are giving a PowerPoint presentation, you really don’t want that stuff appearing on screen.
Further scans have found nothing and Spybot has also found nothing.
Does anyone know of this problem and how to solve it. Even barring the websites would be useful but I don’t know how to do that with McAfee
I am not personally familiar with this virus but I can tell you that the "!mem" part fo the detection means the virus in active in MEMory. Usually when this is the case, the virus cannot be removed because it will protect itself or loads inside of other legitimate programs. If the scanner did detect it, it's best to scan the computer in SAFE MODE which will prevent most non-Windows programs and files (including viruses) from starting up.
Note: Safe Mode does not guarantee all 3rd party software such as malware is disabled.
Please check you have 'scan on read' enabled in your on-access scan settings.
Can you also provide details on the McAfee software and patch version that you are running as this may be useful.
Many memory infections require a reboot and a further scan to remove malware, or a scan in safe mode as Mark has already stated.
You might want to check the host file to see if it's been modified via the typical location of C:\windows\system32\drivers\etc\ then file 'hosts'.
Edit the "hosts" file with the Notepad application to see if there are any additional entries beyond the standard template like below:
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
# For example:
# 188.8.131.52 rhino.acme.com # source server
# 184.108.40.206 x.acme.com # x client host
Hope this helps.