oneiota
Level 7
Message 1 of 22

Updates and Scans fail. Detection found but McAfee won't finalize the scan.

Hello and thank you for your time and attention.

I was able, after many tries, to force a manual update and several days later was finally able to run a system scan which produced a detection.

However, the scan still says running and complete as well as Detection occurred and Detections: 0.

My OnAccess log used to say WARNING WARNING... OK...OK... WARNING... OK...OK etc., but was cleared by the system.

This comes right after an Artemis!DCCD7AAB9BD6 Trojan was detected and quarantined FOUR TIMES.

I caught NT AUTHORITY -0x3e7- loading the infected PrinterInstallerClientUpdater.exe.cpytmp FOUR TIMES!

Also have seen NT AUTHORITY -0x3e7- gain write access to mcshield.exe.

So, is there a way to jiggle the scanner to get it to finish the completed scan?

See below: Running / Completed, detection occurred / Detections: 0

Two scans detections.bmp

21 Replies
catdaddy
Level 20
Message 2 of 22

Re: Updates and Scans fail. Detection found but McAfee won't finalize the scan.


Hopefully one with the knowledge and expertise of Enterprise Products will pick up this thread, and add to this discussion. Your statements and screenshot, especially the mention of Artemis!DCCD7AAB9BD6, indicate you may have some malware onboard.

I will ping a Moderator who is knowledgeable, and has the expertise on the Corporate side of the equation.

All the very Best,

Catdaddy

McAfee Community Moderator

(Consumer Products)

Cliff
McAfee Volunteer
catdaddy
Level 20
Message 3 of 22

Re: Updates and Scans fail. Detection found but McAfee won't finalize the scan.

Please be informed that Moderator has been contacted.

Cliff
McAfee Volunteer
oneiota
Level 7
Message 4 of 22

Re: Updates and Scans fail. Detection found but McAfee won't finalize the scan.

Thank you sir

catdaddy
Level 20
Message 5 of 22

Re: Updates and Scans fail. Detection found but McAfee won't finalize the scan.

You are perfectly welcome

I would follow the suggestions Rich gave you.

All the Very Best

Catdaddy

McAfee Volunteer Moderator

(Consumer Products)

Cliff
McAfee Volunteer

Re: Updates and Scans fail. Detection found but McAfee won't finalize the scan.

Hi

Could I ask you to run a McAfee tool called GetSusp, which is available from GetSusp | McAfee Free Tools, with instructions available here: How to Use GetSusp | McAfee Free Tools

This tool scans your system for unusual behavior and sends some data to McAfee for analysis. If you have NT\AUTHORITY spawning processes hooking into mcshield you certainly have malware, and the fact an Artemis detection was triggered confirms these suspicions.

Regards

Rich

McAfee Volunteer Moderator

Certified McAfee Product Specialist - ePO

oneiota
Level 7
Message 7 of 22

Re: Updates and Scans fail. Detection found but McAfee won't finalize the scan.

Yes, thank you I will.

I am positive there is something here. I have been watching my CPU usage all day and it hasn't dropped below 20%. In fact it's been like that for a week.

Processes show 4 or 5 svchost. Network shows TCP usage is maxed. Security Eventlog shows 150,000 new inbound connections made.

I've been begging IT to come take a look for a month. One guy came over all pissed and ripped out my box saying he was gonna re-image it. Didn't work.

I signed up to the Microsoft security forums and they said stop reading the event logs. Too scary for you.

Anyways, I'll be right back.

Thanks for the links!

oneiota
Level 7
Message 8 of 22

Re: Updates and Scans fail. Detection found but McAfee won't finalize the scan.

I think whatever it is, it has protected itself against tools like GetSusp.

As soon as I opened GetSusp all network activity dropped to near nothing, from being at 20% - 50% all day.

I ran the program but it didn't find any suspicious files.

This morning I thought I'd run it again and so I'd download it to disk this time. When I opened getsusp I saw a warning that getsusp had been modified and opted to run it from the website again.

Same thing, no suspicious files.

I haven't heard anything from the McAfee labs either though.

carlob
Level 9
Message 9 of 22

Re: Updates and Scans fail. Detection found but McAfee won't finalize the scan.

Hi, reading your posts, there is definitely something suspicious going on with your machine. You can run the following tool on the machine. This is not a McAfee tool but I have used it extensively to find badness on machines. You can download the tool from www.winitor.com. The svchost bit you are seeing could be an indication; however, it could also be a rabbit hole, as Windows does this, and I won't get into why, etc. Google it if you like.

Have you tried to map a drive to your C drive from a machine on the network and scan it?

What patch version are you running on VirusScan? Go to Help - About.

Are you running the McAfee agent on the machine? If so, version please.

Run the tool provided and see what it finds. Secondly, the other option is to reboot the machine; if VirusScan finds a file but fails to remove it, it means it's marked for deletion on next reboot. Thirdly, as a final option, you can download our command line scanner for VirusScan with your grant number, place this on a bootable device, reboot and boot off this, update the scanner and let it scan for you in DOS mode. As a side point, if we already detect it, it means we can clean it; however, it may be due to system resources being low, or the file that we are scanning is in a LARGE zip that we are trying to unpack, and thus the hanging.

McAfee Labs will not and do not look at forum posts or provide support on these or other forums; the only time they will respond to you is if you log a case with us.

I just looked up the file detection; we don't have much info on it as of yet. What you are seeing with the spooler driver is something trying to hook it; it's suspicious in its behavior and thus the detection, I believe. However, without a sample I can't tell you much more. I have attached the tool to this post for you, to save you time.

exbrit
Level 21
Message 10 of 22

Re: Updates and Scans fail. Detection found but McAfee won't finalize the scan.

You mean www.winitor.com - have amended.