Just a note to McAfee users - this program is completely ineffective against the rogue trojan Win 7 antispyware 2012. Not only was McAfee incapable of finding the virus when I was infected, but a full system scan was unable to detect it.
This virus would open up a fake virus scan page attempting to get me to scan my computer, pay money or enter in financial information anytime that I opened any exe including a browser window. The file would open in my task manager as btr.exe *32 and I could force close the program after opening an .exe in administrator mode and that would then allow me to access any programs or downloads that I needed to.
After contacting McAfee I was informed that the only way they could help me would be to pay $89.95.
Instead, I downloaded Malwarebytes for free and used that program to quickly and effectively remove the virus - again, for free.
I think that McAfee should be embarrassed that a program such as Malwarebytes with such comparably limited resources was able to solve my problem where McAfee refused to. It's very obvious that McAfee is far more concerned about my $90 than they are about protecting my computer. It's obvious that this is a problem that McAfee could easily enable users to solve themselves just as Malwarebytes had, but then again, how ever would McAfee pay the rent if they let me do that?
Suffice it to say, I will be uninstalling McAfee as I have wanted to for some time - and will most definitely be paying the $24.95 to Malwarebytes for their very helpful shareware program. Between Malwarebytes and AVG, I'm certain I'll be better protected than I ever was with McAfee.
· ...from one of the lead developers of MalwareBytes (Bruce Harrison) :
As far as why MBAM is very good at dealing with this infection, that is simple. MBAM is designed to be very good at dealing with malware that the AVs seem to be having problems with. I do not spend my time making MBAM detect millions of infections that any decent AV already detects as MBAM is DESIGNED to work alongside antivirus software, not replace it. A huge chunk of the research that goes into MBAM revolves around what we see making it into HJT threads as the vast majority of these threads involve antivirus software that was in some way bypassed.
Let's settle this now and avoid any further misinformation. MBAM is now a very good backup to any antivirus software and will only get better in the future. MBAM will NEVER add antivirus abilities to its core app and is always advised to be used WITH antivirus software. We actually get this question a lot in the forums and I assure you that we always say :
"No, MBAM can't replace your existing antivirus software and is not designed to."
And did AVG detect it? Fake AVs are hard to detect by the main line AVs. Some pick up some and others other ones, MWB is designed for such detections.
My wife's computer was just infected with this Win 7 Security 2012. I was able to run McAfee at that time and it detected nothing. I could not open any web browser to research for a tool to remove it. I could do nothing in normal mode to restore to an earlier date. I had to turn off power and restart in safe mode and then went to control panel and security and from there I could do a system restore. I was not able to do system restore from the Programs/Accessories/system tools/restore. A message came up saying that the file was infected. Anyway--- What I want to know is why do I have McAfee if it can't detect a trojan or whatever this was???
More importantly is what are the proper steps when something like this happens with McAfee, as I have already spent (renewed the service just about a week ago for over $100 for my computers) all the money I really can afford to spend on this type of protection software.
Because it isn't a trojan or a virus, it's rogue/fake antimalware which relies on something, maybe something quite insignificant, to be clicked to start it doing its dirty work. None of the major antivirus applications can stop these things, hence the need for specialist tools such as Malwarebytes (free version is fine), or even McAfee's own FakeAlert Stinger tool. They are specialist tools that have little in the way of antivirus capabilities and big anti-malware capabilities.
There's an excellent description and removal guide for this entity here: http://www.bleepingcomputer.com/virus-removal/remove-win-7-security-2012 scroll down the page as the first links are to advertising.
Message was edited by: Ex_Brit on 10/12/11 8:04:55 EST PM
I had an interesting side effect I noticed. I don't know if it came with the above mentioned incident, or was a separate infection, but even with no web browser open, my hard drive was constantly accessing, and my NIC card's transmit light was blinking like mad. Also, every so often, my screen would blank and come back, and opening a webpage in Firefox would allow a new tab with a redirect to open even though I set it to not allow this. I tried everything, then HITMAN finally removed it. My task manager listed CSRSS.EXE and Winlogon.exe as having no user id, and right clicking and selecting open location would not work. In safe mode, Winlogon is not listed, and CSRSS.exe user is listed as SYSTEM, and allows me to open the location, so I know something was up with it. After HITMAN removed a few things, I no longer have the problems with one exception, CSRSS.exe is still listed as no user, and won't allow me to open location. I wonder if I am still infected with something.
This is an older tool but still useful where you need something to gather information to obtain help elsewhere. Run "Hijackthis" and post its log on one of the specialist forums below to see what action is recommended. They will check it and help you get rid of whatever ails your machine. Don't try to fix it yourself.
It has been updated to be compatible with Windows 7 and still serves a useful purpose in getting the ball rolling with help in the forums mentioned below. Any other tools will be recommended by them in due course of the investigation.
Note: Hijackthis is not intended as a removal tool per se, and should only be used under the guidance of the specialist forums.
Do not post Hijackthis logs here, we can't help you with those !
Post the logs at one of these specialist Forums:
Be sure to read all the sticky announcements/instructions at the top of each malware forum!
I can understand your disappointment but Malwarebytes can't replace antivirus software. Why? Because it is mainly designed to detect rogue software, adware and similar infections. Win 7 Antispyware 2012 is not a virus or money stealing trojan, it's a low level threat. It would be a lot worse if McAfee missed a banking trojan or a virus. Besides, rogue AVs are easy to remove, especially if you use Malwarebytes or similar malware removal tools. There are also removal guides made for users who can't delete rogue AVs for some reasons:
Rogue antivirus applications are hard to detect, they are repacked very often. It doesn't matter if you use McAfee or AVG or any other antivirus product, there is always a chance that you will end up with a rogue antivirus software. For example, there is another rogue called Security Shield. Cyber crooks have changed the graphical user interface and repacked it. Detection rate 8/42 (19.0%), only few were actually able to detect it. McAfee was able to detect it.
Good luck!
Message was edited by: techrumy on 6/15/11 3:48:56 PM CDT
Last night my desktop was taken hostage by Win 7 Antivirus 2012 and dug itself in so deep that Malwarebytes and other attempts to remove it have been ineffective. Right now I'm waiting for a local geek service to rescue me ($100 minimum charge). The McAfee support guy in India said they could do nothing for me except sell me a removal tool for $89.95. (The link to the "stinger" tool he emailed me did not work.) My question is: am I naive to think that the McAfee "Total Protection" service I've been paying for for the past 7 years should actually be protecting me from rogue malware such as this? It's not actually "total" protection? Does McAfee take no responsibility for failing to stop it? What's the purpose of automatic updates and daily automatic scans? So I have to pay an additional $24.99 or whatever to protect me from future rogue antivirus applications? Did I not read the fine print? What am I missing here?
Have you read through the other posts in this thread, especially the last one before yours?
Fake AV programs often target machines with unpatched applications (Java, Flash, Reader are favourites) so make sure everything's kept up to date, not just Microsoft programs.
What Support was offering you was a session of paid-for malware cleaning, which for a Fake AV infection isn't usually necessary. We can often point you towards self-help options, and the advice is free.
I'm a total newbie on this so can you guys help me out??? Son's computer got hit with the Win 7 Antispyware 2012 last night too.
I think I have it cleaned out with McAfee, but... It has totally knocked me out from getting on the internet. He did not have MalwareBytes installed yet and I tried to move it from another computer to his, but that's not working either. (I could be doing that wrong too.)
He is using Firefox... but when he tries to open up Firefox... the screen comes up on Windows 7... Open With.... Choose the program you want to use to open this file.... firefox.exe
Windows media center. WHAT???
Same thing happens when I try to open up IE.
Thanks for your help.... I'm going to need it to get this working again.