treetrunk
Level 7

Webget malware got past McAfee

I just found myself infected with "webget" malware, which McAfee totally failed to stop.

It seemed to install from a fake Adobe acroreader site. I clicked on a PDF which told me I did not have the latest Acrobat Reader installed. I foolishly followed the link and found random, really annoying flashing ads every time I browsed. I ran a full scan in safe mode, but McAfee told me everything was fine even though it wasn't.

I identified that a webget directory had recently been created under c:\program files (x86).

The malware had also installed a mysearchdial app, with settings under c:\users\name\appdata\roaming\mysearchdial\

I was able to locate the files by checking the McAfee firewall settings - several items (some with names and some without) had enabled full firewall access.

Attempting to shred webget using McAfee gave the error "access denied".

Attempting to remove with Windows File Explorer was unsuccessful. I could not run File Explorer as administrator.

The malware also corrupts the Windows Update database (discovered by running the Windows troubleshooter for Windows Update).

Another McAfee scan still said everything was fine.

I restarted Windows in safe mode again (via Windows 8.1 advanced startup options).

I ran cmd (command prompt) and used DOS to del everything in the webget directory and the mysearchdial directories both in program files and users.....appdata.

Restarting confirms malware is finished.

Running Windows Update took a long time - it thinks it never installed any updates (are you kidding, this is Windows - it has installed hundreds of updates in the last year!!).

Still, McAfee is none the wiser.

McAfee - you let me down, can I have the last 5 hours of my life back please?

0 Kudos
23 Replies
catdaddy
Level 20

Re: Webget malware got past McAfee

You are not the only one who has fallen for these instances. If you feel that you may still have remnants of this on your system, you can try this reputable Removal Guide: http://malwaretips.com/blogs/start-mysearchdial-removal/ You can also find some excellent (free) Anti-Virus/Malware removal Tools listed under my Signature, in the second link.

You will see identical applications used in the removal guide, listed in the link below my Signature. I personally keep on hand "Malwarebytes Anti-Malware" (Free Version Only); don't accept the (Free Trial Version), as it contains the RTS Module that will clash with McAfee. Malwarebytes detects specific PUPS/Malware that most Anti-Virus Solutions don't. Please know that McAfee is not solely alone in this aspect.

This PROGRAM is designed to work alongside all Anti-Virus Applications, as a complement to your protection. It is entirely compatible when using the (Free) version.

All the very Best,

Message was edited by: catdaddy on 5/7/14 9:37:51 AM CDT
Cliff
McAfee Volunteer
0 Kudos
exbrit
Level 21

Re: Webget malware got past McAfee

Hi treetrunk,

I moved this to Malware Discussions as a better spot for it.   Catdaddy's recommendation is a good one.

No AV is 100% guaranteed unfortunately.  Be extra careful what you download and where you surf and always keep all aspects of your system up to date, including parts of it you may not use.

0 Kudos
exbrit
Level 21

Re: Webget malware got past McAfee

BTW this is a good removal guide:  http://malwaretips.com/blogs/webget-virus-removal/

0 Kudos
treetrunk
Level 7

Re: Webget malware got past McAfee

And when I click on those links it tells me the site is vulnerable to Heartbleed and it doesn't look like a trustworthy site. Is this forum an official McAfee forum??

0 Kudos
exbrit
Level 21

Re: Webget malware got past McAfee

Webget is not a virus or a trojan or a worm, it is simply adware and annoying. I doubt any antivirus on the market would flag it. You can't expect any software to do it all, there is no such thing. If you don't believe me, ask any independent malware forum - BleepingComputer is a good one.

Regarding the links above, that could be your browser acting up because of something else. Heartbleed is no longer a threat. Or it could simply be this forum software, which has been known to break links.

Strange that link does not give me any warning at all and is green-flagged by both SiteAdvisor & WoT.

Message was edited by: Ex_Brit on 07/05/14 11:01:32 EDT AM
0 Kudos
exbrit
Level 21

Re: Webget malware got past McAfee

Forget the link - it's the forum software that is ruining links which I will report.  Simply Google remove webget and look for the malwaretips one.

0 Kudos
catdaddy
Level 20

Re: Webget malware got past McAfee

If I may add, both links work properly on my end Ex_Brit. It very well could be as you mentioned.

Scratch that....I also confirm that it must be the Forum Software breaking the links. I just tried again, to make absolutely sure.

Would not Connect.

Message was edited by: catdaddy on 5/7/14 10:10:41 AM CDT
Cliff
McAfee Volunteer
0 Kudos
exbrit
Level 21

Re: Webget malware got past McAfee

It appears to be a Firefox issue, and possibly with other browsers, but the link I first posted works just fine in IE. No warnings at all.

This is nothing to do with malware so don't anyone worry about it, it's a browser issue seemingly.

My statement that webget is not malware and therefore not detected by antivirus engines stands.

I agree it's a darn nuisance however.

0 Kudos