Showing results for 
Search instead for 
Did you mean: 
Level 7

new virus not covered by mcafee

Running XP (SP2, I think), and got a virus this weekend. McAfee recognized it enough to pop up "this program is trying to access internet, allow access or block", but not enough to block the virus from getting in, or clear it.

Virus goes into windows/system32/winbatch86.exe. It activates every time windows comes up, and kills task manager. Then it throws up "click here to download antivirus software" every 2 minutes or so. You can't delete the files, because they are active, and can't kill the process without task manager. McAfee scan and Stinger did nothing. MalwareBytes was able to quarantine some of the files, but not all, and virus reactivated on reboot. Had to wipe & reload.

I searched McAfee, and did not see any mention of this virus in their threats. Google had plenty of hits of others who also got the virus, mostly in the past 2 weeks.

Does anyone know the procedure for advising McAfee of new viruses? Since my pc is now clean, I don't have any samples to send them. And, since everything had to be reloaded, I am now on XP SP3, and can't be sure I was on SP2 when I caught the bug. Like I said, if they google winupdate86, they'll get plenty of hits on it (one of which said SP2 was vulnerable.)

1 Reply
Level 9

Re: new virus not covered by mcafee

Hi April,

It would be reaaaally great if you could send a sample to Mcafee AVERT Labs or Mcafee Labs is what they call it. Anyway, this is their team who are responsible for making DATs being released by Mcafee and they will also be responsible for analyzing "suspicious" files.

If you were able to provide the sample virus to AVERT then they will give you a special DAT specifically for you called EXTRA.dat so you could immediately use this to clean your undetected viruses and NOT wait for tomorrow's released DAT. Anyway, the signatures applied in the extra.dat will always be released on the DATs released on the next day or two. So other people with Mcafee infected with YOUR undetected virus will be detected and cleaned as well.

To submit a file to AVERT you must ZIP the file and password protect it and set the password to INFECTED otherwise, they will just ignore your submitted file.

You could go to AVERT thru here:

0 Kudos