Hello and thank you for your time and attention.
I was able, after many tries, to force a manual update and several days later was finally able to run a system scan which produced a detection.
However the scan still says running and complete as well as Detection occured and Detections: 0.
My OnAccess log used to say WARNING WARNING... OK...OK... WARNING... OK...OK etc., but was cleared by the system.
This comes right after an Artemis!DCCD7AAB9BD6 Trojan was detected and quarantined FOUR TIMES.
I caught NT AUTHORITY -0x3e7- loading the infected PrinterInstallerClientUpdater.exe.cpytmp FOUR TIMES!
Also have seen NT AUTHORITY -0x3e7- gain write access to mcshield.exe.
So, is there a way to jiggle the scanner to get it to finish the completed scan?
See below Running / Completed, detection occured / Detections: 0
Hopefully one with the knowledge and expertise of Enterprise Products will pick up this thread, and add to this discussion. Just by your statements and screenshot, especially the mentioning of Artemis!DCCD7AAB9BD6, it indicates you may have some Malware onboard.
I will ping a Moderator who is knowledgeable, and has the expertise on the Corporate side of the equation.
All the very Best,
McAfee Community Moderator
You are perfectly welcome
I would follow the suggestions Rich gave you.
All the Very Best
McAfee Volunteer Moderator
This tool scans your system for unusual behavior and sends some data to McAfee for analysis. If you have NT\AUTHORITY spawning processes hooking into mcshield you certainly have malware, and the fact an Artemis detection was triggered confirms these suspicions.
McAfee Volunteer Moderator
Certified McAfee Product Specialist - ePO
Yes, thank you I will.
I am positive there is something here. I have been watching my CPU usage all day and it hasn't dropped below 20%. In fact it's been like that for a week.
Processes show 4 or 5 svchost. Network shows TCP usage is maxed. Security Eventlog shows 150,000 new inbound connections made.
I've been begging IT to come take a look for a month. One guy came over all pissed and ripped out my box saying he was gonna re-image it. Didn't work.
I signed up to the Microsoft security forums and they said stop reading the event logs. Too scary for you.
Anyways, I'll be right back.
Thanks for the links!
I think whatever it is it has protected itself against tools like getsusp.
As soon as I opened the getsusp all network activity dropped to near nothing; from being at 20% - 50% all day.
I ran the program but didn't find any suspicious files
This morning I thought I'd run it again and so I'd download it to disk this time. When I opened getsusp I saw a warning that getsusp had been modified and opted to run it from the website again.
Same thing, no suspicious files.
I haven't heard anything from the McAfee labs either though.
Hi, reading your posts, definitely something suspicious going on with your machine. You can run the following tool on the machine. This is not a McAfee tool but I have used it extensively to find badness on machines. You can download the tool from www.winitor.com. The svchost bit you are seeing could be an indication; however, it could also be a rabbit hole, as Windows does this and I won't get into why, etc. Google it if you like.
Have you tried to map a drive to your C drive from a machine on the network and scan it?
What patch version are you running on VirusScan? Go to Help - About.
Are you running the McAfee agent on the machine? If so, version please.
Run the tool provided and see what it finds. Secondly, the other option is to reboot the machine; if VirusScan finds a file but fails to remove it, it means it's marked for deletion on next reboot. Thirdly, as a final option you can download our command line scanner for VirusScan with your grant number, place this on a bootable device, reboot and boot off this, update the scanner and let it scan for you in DOS mode. As a side point, if we already detect it, it means we can clean it; however, it may be due to system resources being low, or the file that we are scanning is in a LARGE zip that we are trying to unpack and thus the hanging.
McAfee Labs will not and do not look at forum posts or provide support on these or other forums; the only time they will respond to you is if you log a case with us.
I just looked up the file detection. We don't have much info on it as of you. What you are seeing with the spooler driver is something trying to hook it; it's suspicious in its behavior and thus the detection, I believe. However, without a sample I can't tell you much more. I have attached the tool to this post for you, to save you time.