green1978
Level 7

Virus suspected and assistance with removal

Hello McAfee community

Please find below as much information as possible on my problem:

For a week now I have been trying to remove a virus. Our PC started behaving strangely when you searched in Google. It would bring up recommended sites as always but the connection would always take you to the Gomeo site.

First I checked my quarantined files and the following items were noted:-

ADWARE-180SA    file location C:\SystemVolumeInforation\_restore{44589CEE-F80B-4E67-B848-F38844E34B4D}\RP1328\A0407537.sys

ADWARE-HOTBAR file location lots of items on the C drive under Zango (which I have now deleted)

GENERIC PUP-x!bh files located at C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\MY DOCUMENTS\SCHOOL\EVID4226PATCH223D-EN.ZIP and C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\MY VIDEOS\SCHOOL\EVID4226PATCH223D-EN.ZIP (which I have now deleted).

I found the virus information library on McAfee and ran the Stinger tool. A trojan was found and deleted, see report attached for Mon Sep 13th.

I then found the McAfee forum and was reading a post about using the GetSusp Scan, which I downloaded and ran. My apologies if I haven't attached the correct file for this but 3 trojans were found. If the report cannot be seen I'll note what was found.

Next, I read through the required reading on the forum and I have run through steps 1-3 as requested.

Whilst completing step 2, Stinger tool and scan in safe mode, nothing was found. However, since then McAfee informs me that my PC is not fully protected and could not be fixed.

I'm just wondering what to do next, so if anybody could shed any light on the matter I would be very grateful.

Hopefully I've posted enough info and not waffled on too much.

Regards

Marc

0 Kudos
3 Replies
vinoo
Level 13

Re: Virus suspected and assistance with removal

Hi Marc,

Could you post the GetSusp scan results for review please? It would be a zip file named gsusp.zip, created in the same location where it was executed.

What you've posted is the GetSusp executable itself.

Best,
Vinoo

0 Kudos
green1978
Level 7

Re: Virus suspected and assistance with removal

Hi Vinoo,

GetSusp reports are attached. One of them is from last week and one from today.

Many thanks

Marc

0 Kudos
vinoo
Level 13

Re: Virus suspected and assistance with removal

Thanks for posting the GetSusp logs.

You've got a rash of infections - this is the list of malware on your system.

GetSusp.jpg

Those marked as Trojan are already detected with the current DATs. Files detected as Assumed_Dirty can be cleaned via Stinger. Detection for the rest of the files will be added to the DATs.

Best,

Vinoo

0 Kudos