My most recent scan detected a potentially unwanted program, WINHOST. It listed this info:
Registry value name: svchost
The choices I have are remove or trust. What is this program, and do I need it? I had a virus a few weeks ago; since that time my searches redirect me to different pages. I have run a full Malwarebytes scan; this is the first time that McAfee has given me this result.
Just not sure how to proceed.
Message was edited by: mzlilygal on 9/10/10 7:10:20 AM CDT
If you suspect you're infected and have trouble finding what is causing the infection, I'd suggest giving this handy tool a try.
"McAfee GetSusp is intended for users who suspect undetected malware on their system. By using a combination of clever heuristics and querying McAfee's online database of known clean files to gather suspicious files, GetSusp eliminates the user's need for deep technical knowledge of computer systems to isolate undetected malware. McAfee GetSusp is recommended as a tool of first choice when analyzing a suspect machine."
Get it from here: https://community.mcafee.com/message/148081#148081
Once GetSusp identifies and collects the suspect files, post the logs here and we community members can help.
Technical Product Manager, McAfee Labs
P.S.: The svchost startup entry does look very suspicious - the GetSusp logs will confirm if it's indeed malicious.
I ran the program this evening, and I've attached a report.
Since I posted my original notice, I've run a couple of other scans and one said I had a virus, Win32/Alureon.H.
Also, on my McAfee scan I had originally selected "trust" on the file in question, and then decided to change that, so when I did that my scan logs say that I have removed a file from the 'trusted' list, and when I ran a complete scan it doesn't come up any more. However, when I do a search and select a link, it is still re-directing me, so I still have something somewhere.
I appreciate any assistance offered. The version of McAfee I am running came from my AT&T internet provider and is called AT&T Internet Security Suite powered by McAfee so I can't tell you what version I actually have.
Could you attach the detailed GetSusp log that was created please? This is the location it was created:
C:\Documents and Settings\Debby Ray\Desktop\Downloads\gsusp_091310_205739.zip
From the scan report you uploaded, it appears that you have multiple infections.
Apparently the initial logs did not save in the correct location, so I re-ran again. In the log file there are multiple things, so I'm not sure which you need. It appears they are all password protected. This one was in the log file and was titled files. If this is not what you need, I will go back and retrace the download steps to make sure I've saved everything in the right place.
Thanks for your help.
We need the entire gsusp.zip file that is created after a scan. It is password protected with passphrase "infected" as it would contain a copy of the samples identified.
Based on the files.xml that you uploaded, we were able to whitelist a majority of the files. Please re-run the scan and post the gsusp.zip file.
My McAfee scan again detected this potentially unwanted program. My only choices are to remove or trust... I don't know which to choose?
If I truly have the Alureon.H virus I think even if I remove the program it will keep coming back, so I'm not really sure what to do at this point.