After suffering with a root kit on my HP running XP last month, my wife had a fake virus alert running from a program called lic.exe today on the Toshiba laptop she was using. It was running McAfee Virus Scan. She was at a sewing center site.
I used the techniques in McAfee Document ID: TS100767 to end task for lic.exe and also deteleted internet temp files and cookies.
Then I loaded GetSusp and ran it. It detected lic.exe as suspicious and made a captured zip file of it. I hope it was sent successfully.
I hope this works. I didn't see this problem on the computer I'm loggged in on now.
Has this fake alert been stopped?
3 hrs later - Got on computer and fake alert still there and still found by GetSusp..
I manually deleted it by unhiding the path to it, then scanned again with GetSusp and it's not there.
I am scanning with today's update of VirusScan.
What else should I do?
.Message was edited by: joefreeflyer to add latest actions on 7/20/11 3:29:10 PM CDT
If you are still getting fake alerts please try our FakeAlert Stinger tool in the first instance - . We recommend you to use the 'Fix to scan' option first - instructions for which are on the link for the stinger.
If this does not resolve the issue please let us know what is the Analysis ID you received when submitted your getsusp files for analysis. This will help us on investigate the files further and add detection and cleaning properly.
Hope this helps!
So far so good. The Virus scan had not detected anything, after I deleted the suspicious file found by GetSusp. The package I had sent was identified (beta_detected) as a Trojan called fakealert-rena.p .
Logging into Yahoo mail gave no recurrence of the problem. My wife has not tried the sewing site yet.
Thanks for your advice