cancel
Showing results for 
Search instead for 
Did you mean: 

Re: "System Tool" virus got installed despite McAfee running

I have recently seen "PC Security Shield" rogue antivirus infections of at least 4 computers over the past 2 weeks.

Each customer had a current Paid-for copy of McAfee.

However, the McAfee product was not functioning properly.

Case 1:  Clicked McAfee Tray Icon

             Opened McAfee Window without displaying anything in the Window (in safe mode with networking)

Case 2:  Clicked McAfee Tray Icon

             Opened McAfee Window, would not allow the product to be Turned On

Other symptoms observed included:

     Could not uninstall McAfee Product from Add Remove Programs (windows normal or safe mode with networking)

     Could not access McAfee's website to login and download current subscription.

I just finished uninstalling and reinstalling my McAfee product because it would not stay turned ON.

Wow, was I worried...and i know better than to click on random "Scan Now" links, sites, or otherwise...

But I do use some other products to try to maintain a higher level of security including:

     Secunia PSI, MalwareBytes, ShieldsUp, and WinPatrol

After the uninstall, I did use the McAfee cleanup tool prior to reinstallation.

During the installation, WinPatrol flagged me that some program (McAfee?) was attempting to make a change in my HOSTS file, which I reject, reject, reject...  Unfortuanately, there are so many types of attack scenarios present for unprotected PC's connected to the Internet that I could not

say if this attempt was as a result of McAfee during the installation or not.  If I had not had WinPatrol running while I was installing McAfee, I probably would not even have known that this attempt was happening.

Anyways, I am a bit concerned about McAfee's product.

When you reinstall McAfee, of course, you have to re-set Firewall settings (for greater security) and either block or delete certain services and ports

for greater control over security (which get reset upon reinstallation)...

Anyways, maybe I'm good to go for now.

Until next time!

ConorD62
Level 12
Report Inappropriate Content
Message 82 of 115

Re: "System Tool" virus got installed despite McAfee running

PLEASE LISTEN!

Mcafee will miss this.

Microsoft Security Essentials will miss this

Avast will miss this

AVG will miss this.

It disables your Anti Virus, but not your Anti-Malware.

Such as Malwarebytes, if you have this, I suggest reading this

Thank you for reading.

Tran455
Level 7
Report Inappropriate Content
Message 83 of 115

Re: "System Tool" virus got installed despite McAfee running

Current System - Window 7

McAfee - Running & Up-to-date

Removal Process:

1. Restart Computer

2. Immediately start hitting the F8 button

3. Select "Safe Mode with Network"
4. Download: http://forums.malwarebytes.org/index.php?showtopic=66064 (and follow all instructions)

5. Allow computer to reboot after Malwarebytes has finished its Quick Scan & Removed the "System Tool"

6. Run McAfee Full Scan to remove anything left over

7. Write the IT guys at Malwarebytes a "Thank You Letter" and include $25 Tip

Enjoy

Alien
Level 7
Report Inappropriate Content
Message 84 of 115

Re: "System Tool" virus got installed despite McAfee running

That's the way to go about it. Nice #7.

doedoe
Level 7
Report Inappropriate Content
Message 85 of 115

"System Tool" virus got installed despite McAfee running

Ok, first of all the system tool virus sucks!  Good for malwarebytes rocks!  My one question is this............  I am pretty confident I removed the system tool virus successfully, but when I look at my notification area icons it still apears as (eOdKIPj1803) how do I remove it from my icon notifications, or does it even matter since I removed it from the program data file already?

Thx

sherroa
Level 7
Report Inappropriate Content
Message 86 of 115

"System Tool" virus got installed despite McAfee running

No Thanks Mcafee!!!

My home PC was also overwhelmed by the "System Tool" malware virus while Mcafee was running just yesterday. It's a shame that I just paid the big bucks recently to renew my Mcafee subcsription. I know there is free virus protection software out there, like AVG, which will find and eliminate such malware. Thanks to this site I found the fix, which was to download the FREE Malwarebytes on line. When I loaded and ran the software it found 9 infected files, removed them and repaired the damage. I believe I will be cancelling my "auto-renew" Mcafee subscripton at the end of the contract if they can't provide the anti-malware software for what I am paying them.

When "system tools" malware took over my Windows Vista administrator user account, I was able to restart and log on to my daughters user account and download and run Malwarebytes software!

ConorD62
Level 12
Report Inappropriate Content
Message 87 of 115

Re: "System Tool" virus got installed despite McAfee running

sherroa wrote:

No Thanks Mcafee!!!

My home PC was also overwhelmed by the "System Tool" malware virus while Mcafee was running just yesterday. It's a shame that I just paid the big bucks recently to renew my Mcafee subcsription. I know there is free virus protection software out there, like AVG, which will find and eliminate such malware. Thanks to this site I found the fix, which was to download the FREE Malwarebytes on line. When I loaded and ran the software it found 9 infected files, removed them and repaired the damage. I believe I will be cancelling my "auto-renew" Mcafee subscripton at the end of the contract if they can't provide the anti-malware software for what I am paying them.

When "system tools" malware took over my Windows Vista administrator user account, I was able to restart and log on to my daughters user account and download and run Malwarebytes software!

Hi,

Malwarebytes Anti Malware (FREE) is supposed to run a long side your Anti Virus, not use it yourself,

AVG wouldn't detect this, as they would just advise you to download Malwarebytes,

Malwarebytes consentrates on Malware/Rogue's, not viruses and potentially unwanted program's, like McAfee, AVG, Kaspersky, and others do.

Thanks.

Reliable Contributor exbrit
Reliable Contributor
Report Inappropriate Content
Message 88 of 115

"System Tool" virus got installed despite McAfee running

al sherr wrote:

No Thanks Mcafee!!!

My home PC was also overwhelmed by the "System Tool" malware virus while Mcafee was running just yesterday. It's a shame that I just paid the big bucks recently to renew my Mcafee subcsription. I know there is free virus protection software out there, like AVG, which will find and eliminate such malware. Thanks to this site I found the fix, which was to download the FREE Malwarebytes on line. When I loaded and ran the software it found 9 infected files, removed them and repaired the damage. I believe I will be cancelling my "auto-renew" Mcafee subscripton at the end of the contract if they can't provide the anti-malware software for what I am paying them.

When "system tools" malware took over my Windows Vista administrator user account, I was able to restart and log on to my daughters user account and download and run Malwarebytes software!

I'm afraid to say that if you think any other antivirus solutions will fare better than McAfee you may be disappointed as most of them fail miserably with these 'fake antimalware' entities.

A quote from one of the lead developers of MalwareBytes (Bruce Harrison) :
...
As far as why MBAM is very good at dealing with this infection, that is simple. MBAM is designed to be very good at dealing with malware that the AVs seem to be having problems with. I do not spend my time making MBAM detect millions of infections that any decent AV already detects as MBAM is DESIGNED to work alongside antivirus software, not replace it. A huge chunk of the research that goes into MBAM revolves around what we see making it into HJT threads as the vast majority of these threads involve antivirus software that was in some way bypassed.
...
Lets settle this now and avoid any further misinformation. MBAM is now a very good backup to any antivirus software and will only get better in the future. MBAM will NEVER add antivirus abilities to its core app and is always advised to be used WITH antivirus software. We actually get this question a lot in the forums and I assure you that we always say :

"No, MBAM can't replace your existing antivirus software and is not designed to."

kdb_qlb
Level 7
Report Inappropriate Content
Message 89 of 115

Re: "System Tool" virus got installed despite McAfee running

Since january I got system tool 3 times and so I asked McAfee . First they answered that iI have to pay extra for removal of that virus. But they didn't explain how to do this, because system tool stops the WLAN-software. Later Mc Afee germany sent me an eMail explaining, that system tool seems not to be a virus and no manufactorer can remove all viruses !!
The best way for me to remove system tool virus are the products malwarebyte and ClamWinPortable. But McAfee says that these products have some errors !! But the remove the virus.

Nachricht geändert durch kdb_qlb on 23.02.11 05:50:29 CST
Reliable Contributor exbrit
Reliable Contributor
Report Inappropriate Content
Message 90 of 115

Re: "System Tool" virus got installed despite McAfee running

kdb_qlb wrote:

Since january I got system tool 3 times and so I asked McAfee . First they answered that iI have to pay extra for removal of that virus. But they didn't explain how to do this, because system tool stops the WLAN-software. Later Mc Afee germany sent me an eMail explaining, that system tool seems not to be a virus and no manufactorer can remove all viruses !!
The best way for me to remove system tool virus are the products malwarebyte and ClamWinPortable. But McAfee says that these products have some errors !! But the remove the virus.

Nachricht geändert durch kdb_qlb on 23.02.11 05:50:29 CST

None of the major antivirus applications are any good against these fake anti-malware applications.   That's why there are specialist tools out there which usually are free.

There is no need for paid virus removal in most cases as, if you Google the name of the malware, you can usually find a cure on the web, but make sure it's a reputable one.  BleepingComputer forums usually are good for that.

If you ever want paid virus removal simply right-click the taskbar icon and select 'Get Help" that will lead you to all the support options, or simply Google it.   I'm not sure where and when McAfee said MalwareBytes etc. have errors.  I do know that Malwarebytes paid version is not good with regular antivirus applications, so always use the free version.


Message was edited by: Ex_Brit on 23/02/11 7:01:49 EST AM

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community