I have McAfee through Comcast and it has worked great for over a year. Yesterday Feb 9th I got the bankerfox.a malware with the pop
ups for the fake Spyware Protect. Its really nasty.
NOTE: There are four user ID's on this computer and this bankerfox thing is only on one of them. The other three including the admin user ID work fine.
I haven't opened the infected ID after I found out what it was that was doing this.
Is this odd for the other three to be working fine?
In any case I need to get rid of this. I searched here for bankerfox and tried to download the fixes but it said access denied (by McAfee on my system), when I comanded McAfee to trust the fix program it said denied access on the program itself (smitfraud.exe)
I'm ok but not great with tech stuff. Can anyone help guide me to a current up to date fix for this that someone other than an IT head can use??
Can it indeed be fixed from another user ID on the same computer, as when opening the infected user ID bankerfox closes all programs.
I'm worried about what program to trust to download as well.
Many Thanks for input
If this is an XP or Windows 2000 machine use this tool: SmitFraudFix: http://siri.geekstogo.com/SmitfraudFix.php
If any other operating system then use the free version of this tool, update it before running and let it remove everything it finds and reboot immediately if asked to.
Malwarebyte's Anti-Malware: http://www.malwarebytes.org/mbam.php
Infections can spread from one user to another but tools such as these will clean the entire machine, not just that user.Message was edited by: Ex_Brit on 10/02/10 5:11:43 EST PM
We should really run the FakeAlert stinger first.
Download it here: http://community.mcafee.com/message/110862#110862
And when you run it, go to "Preferences" and change the "On Virus Detection" section to "Report only". (this is just on the first run, to make sure we don't detect any system files)
Then set the "Heuristic network check for suspicious files", to "VeryHigh".
Let that scan the entire system, and let's see what is detected.
Please post back to us, and we'll take it from there.
Hi David, I did as you said for "report only" and "very high" and it came up with 8 Artemis! trojans from the total scan.
they are listed on the scan as as...
In that order, some are the same in different places I guess.
Please Advise, Thanks Very Much
Just wanted to say that about 4 hours after I ran the scan as advised..... my admin user id now has pop ups for false vista internet security
so I stared running the scan again and saw other trojans so I just stopped it and I'll now log off my computer and disconnect my modem
until tommorow. I will check back and see if there is anything I can do.
My McAfee is saying I'm protected and is up to date.
When this all started yesterday I ran a full scan and it said no threats.
Please try the steps below:
Download ALL of the tools below on a friend or family member's, CLEAN computer and copy them to a CD or flash drive, then transfer them to the problem machine. (Yes, it's OK to download and run them on the "problem" machine but many times, the virus/malware will prevent such from happening, therefore, you may need to use a separate, clean computer to download the files..)
First, please download and run the following tool to help allow the removal programs below to run. (courtesy of Grinler at BleepingComputer.com)
There are 4 different versions. If one of them won't run then try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.
IMMEDIATELY after running the "Rkill" tool above, run/install the Malwarebytes and SuperAntispyware installer and update files from the links below which you've also copied to a CD or flash drive, and transfered to the problem machine. Do NOT restart the computer after running Rkill.
Once downloaded and before transferring Malwarebytes and SuperAntispyware to the problem machine, rename the program installer "mbam-setup.exe" file to something else like "Gogetum.exe", then copy the installer file and the update file to a CD or flash drive.. Transfer the file to the problem machine, then install the "Gogetum.exe" file, then run the update to get the program current.. After that, run a full system scan and delete anything it finds.
Malwarebytes Installer Download Link (Clicking on the links below will immediately start the download dialogue window.)
Malwarebytes Manual Updater link
Next, install and run a full system scan with the SuperAntispyware program and the manual updater from the links below. As before, you may need to rename the installer file to get the program to install.:
SuperAntispyware Manual Updater
In a few situations, in order for the program to run, it was also necessary to rename the main "mbam.exe" file also after installing it.. It resides in the C:\Programs Files\Malwarebytes Antimalware folder....
Hope this helps.
I coudn't run any of the four rkill programs for some reason, and I don't have access to another machine.
I downloaded Malwarebytes free version ....updated.... then full scanned.
It worked. All the bugs are gone (presumably) and the machine is running normal in all user id's
My question is.. should I buy the Malwarebytes paid version for $24.99?
Why does McAfee not have something like this??? Are they working on something like this?
Thanks for reply
Good job.. If you haven't already, make sure to run the other tool I mentioned.. It frequently finds objects the other doesn't fine.. In addition, McAfee has a new tool called FakeAlert Stinger.. Download it and run it as well. Clicking on the link below will immediately start the download dialogue window to download the file to your desktop.
Unfortunately, in the world we live in today, there is no "silver bullet" that will handle all types of malware.. The tools I suggested earlier are specialized spyware/trojan removal tools but they aren't any good at removing normal viruses and worms.. That's where McAfee excels.. In the current malware climate, you need both a number of tools to keep you computer clean and most importantly YOU are the best "preventer" of malware. Don't visit dodgy sites.. Don't open attachments in your email unless your SURE the attachment is legitimate.. A key step is to make sure you harden your browser.. If using Internet Explorer, make sure it's the most current and the security settings are set at Medium-high to High. You might even try a different browser for web surfing such as Firefox or Opera, or such.. They don't run ActiveX which is one of the key vulnerabilities to letting in malware.
McAfee is indeed working on the spyware end of things and are constantly updating their antispyware scanner for both the retail and corporate products.. It's a great tool but at the same time, don't be afraid to get a "second opinion" once in a while.
Hope this helps.