
Concerned about a possible virus?

I am running McAfee Total Protect, and as I was working on my PC it instantly rebooted. When I looked in files that had been updated, the PFRO file had been updated with lots of commands, and circa 1 week prior a file called setupact was updated with a log of WudfCoInstaller running. I am worried that these are linked and that I have been infected. I have checked my running services and WudfCoInstaller is not running. I have also run two full scans since and nothing was found.

Should I be concerned or not?

The PFRO logs for the day it rebooted are here:

4/3/2018 11:51:45 - PFRO Error: \??\C:\WINDOWS\TEMP\023271~1.EXE, |delete operation|, 0xc0000034
4/3/2018 11:51:46 - PFRO Error: \??\C:\ProgramData\McAfee\PEF, |delete operation|, 0xc0000101
4/3/2018 11:51:46 - PFRO Error: \??\C:\WINDOWS\TEMP\nst9504.tmp\nsj9515.tmp\InstallHelp\PEFInstallHelper.dll, |delete operation|, 0xc000003a
4/3/2018 11:51:46 - PFRO Error: \??\C:\WINDOWS\TEMP\nst9504.tmp\nsj9515.tmp\InstallHelp\, |delete operation|, 0xc000003a
4/3/2018 11:51:46 - PFRO Error: \??\C:\WINDOWS\TEMP\nst9504.tmp\nsj9515.tmp\, |delete operation|, 0xc0000034
4/3/2018 11:51:46 - PFRO Error: \??\C:\Program Files\Common Files\McAfee\CSP\2.8.309.0\McCSPClientAPI.dll, |delete operation|, 0xc0000034
4/3/2018 11:51:46 - PFRO Error: \??\C:\Program Files\Common Files\McAfee\CSP\2.8.309.0\McCSPCorePS.dll, |delete operation|, 0xc0000034
4/3/2018 11:51:47 - PFRO Error: \??\C:\WINDOWS\TEMP\nsz564A.tmp\nsk568A.tmp\InstallHelp\PEFInstallHelper.dll, |delete operation|, 0xc000003a
4/3/2018 11:51:47 - PFRO Error: \??\C:\WINDOWS\TEMP\nsz564A.tmp\nsk568A.tmp\InstallHelp\, |delete operation|, 0xc000003a
4/3/2018 11:51:47 - PFRO Error: \??\C:\WINDOWS\TEMP\nsz564A.tmp\nsk568A.tmp\, |delete operation|, 0xc0000034
4/3/2018 11:51:47 - 67 Successful PFRO operations

4/3/2018 15:51:57 - PFRO Error: \??\C:\WINDOWS\system32\spool\V4Dirs\71FDAD24-CDA5-45B7-B9A8-B5856810C7F1\94766af2.gpd, |delete operation|, 0xc0000034
4/3/2018 15:51:57 - 18 Successful PFRO operations

 

The Setupact log is here:

[03/07/2018 12:49.46.743] WudfCoInstaller: ReadWdfSection: Checking WdfSection [MTP.NT.Wdf]

[03/07/2018 12:49.46.839] WudfCoInstaller: Configuring UMDF Service WpdMtpDriver.

[03/07/2018 12:49.46.872] WudfCoInstaller: ImpersonationLevel set to 2

[03/07/2018 12:49.46.904] WudfCoInstaller: KernelModeClientPolicy set to 1

[03/07/2018 12:49.46.938] WudfCoInstaller: Final status: error(0) The operation completed successfully.


[03/07/2018 12:49.47.691] WudfCoInstaller: Created marker file C:\WINDOWS\system32\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf.

[03/28/2018 08:07.33.447] WudfCoInstaller: ReadWdfSection: Checking WdfSection [Basic_Install.Wdf]

[03/28/2018 08:07.33.598] WudfCoInstaller: UMDF Service WpdFs is already installed - removing existing settings in preparation for setting new ones.

[03/28/2018 08:07.33.649] WudfCoInstaller: Configuring UMDF Service WpdFs.

[03/28/2018 08:07.33.707] WudfCoInstaller: ImpersonationLevel set to 2

[03/28/2018 08:07.33.740] WudfCoInstaller: Final status: error(0) The operation completed successfully.


[03/28/2018 08:07.33.989] WudfCoInstaller: Created marker file C:\WINDOWS\system32\drivers\Msft_User_WpdFs_01_11_00.Wdf.

1 Reply

Re: Concerned about a possible virus?

Seems that it is just a junk file from your previous downloads. But if you want to make sure, go and download getsusp.exe; that's a McAfee Tech support tool.
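
One way to triage a PFRO log like the one posted in this thread, as an added example that is not part of either post or of any McAfee tool: it decodes the NTSTATUS code on each error line and separates entries that only report an already-missing target from those worth a closer look. The function names `parse_pfro` and `needs_review` are hypothetical; the status names are the ones defined in Microsoft's `ntstatus.h`.

```python
import re

# NTSTATUS values seen in the posted log (names as defined in Microsoft's ntstatus.h).
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000101: "STATUS_DIRECTORY_NOT_EMPTY",
}
# Codes that only mean the target was already gone when the queued delete ran.
ALREADY_GONE = {0xC0000034, 0xC000003A}

ERROR_RE = re.compile(
    r"^(?P<ts>\S+ \S+) - PFRO Error: \\\?\?\\(?P<path>.+?), "
    r"\|(?P<op>[^|]+)\|, (?P<status>0x[0-9a-fA-F]{8})$")
SUMMARY_RE = re.compile(r"^\S+ \S+ - (?P<n>\d+) Successful PFRO operations$")

def parse_pfro(text):
    """Return (errors, successes): decoded error records, total successful operations."""
    errors, successes = [], 0
    for line in map(str.strip, text.splitlines()):
        m = ERROR_RE.match(line)
        if m:
            code = int(m["status"], 16)
            errors.append({"time": m["ts"], "path": m["path"], "op": m["op"],
                           "name": NTSTATUS.get(code, "UNKNOWN_0x%08x" % code),
                           "already_gone": code in ALREADY_GONE})
        elif (s := SUMMARY_RE.match(line)):
            successes += int(s["n"])
    return errors, successes

def needs_review(errors):
    """Entries whose status is something other than 'target no longer exists'."""
    return [e for e in errors if not e["already_gone"]]

# Four lines copied from the PFRO log posted above.
SAMPLE = r"""
4/3/2018 11:51:45 - PFRO Error: \??\C:\WINDOWS\TEMP\023271~1.EXE, |delete operation|, 0xc0000034
4/3/2018 11:51:46 - PFRO Error: \??\C:\ProgramData\McAfee\PEF, |delete operation|, 0xc0000101
4/3/2018 11:51:46 - PFRO Error: \??\C:\WINDOWS\TEMP\nst9504.tmp\nsj9515.tmp\InstallHelp\, |delete operation|, 0xc000003a
4/3/2018 11:51:47 - 67 Successful PFRO operations
"""

if __name__ == "__main__":
    errs, ok = parse_pfro(SAMPLE)
    print(f"{ok} successful, {len(errs)} errors")
    for e in needs_review(errs):
        print("review:", e["time"], e["path"], e["name"])
```

On these four lines the only entry returned for review is the `STATUS_DIRECTORY_NOT_EMPTY` result on `C:\ProgramData\McAfee\PEF`; the other two report a file or path that no longer existed when the delete was attempted.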
