On May 12 I got hit by a nasty virus. McAfee was running and up to date. It was some type of fake alert trojan. The firewall stopped it from downloading something from the net, but it took over Security Center and would open the fake virus program. It deactivated Windows Update and turned off real-time scanning from Security Center. When you manually restarted it, it would switch off in seconds. McAfee update was also deactivated. I manually deleted the xkf.exe file it was trying to execute and ran Superantispyware. It found several files and broken links. I restarted in safe mode and tried to run Malwarebytes. It would open the fake alert window. I then renamed the Malwarebytes exe and started it. It found a fake alert trojan in Application Data under the Documents and Settings folder. After I removed it I restarted Windows and found that the Windows Update link was broken along with the McAfee update.
I restored the system to an earlier point and it fixed Windows Update, but McAfee was still broken. I deleted McAfee and tried to reinstall it. After waiting over an hour for it to download, it failed. I tried again and it failed. I live in a rural area and have to use a satellite link, and it used up my daily bandwidth. I stayed up all night to use the free time and again it failed. This time it would get halfway through the download and I would get a message that it failed and to try again. Virtual Technician would not function and I could not download it. I used the removal tool to remove the program and ran the pre-install program, and still it would not download.
I downloaded MS Security Essentials and it found Java/CVE-2010-0840BJ and removed it.
I'm a little frustrated that McAfee failed to detect this bug and even more frustrated about the time I spent trying to reinstall McAfee. Why is the program so bloated that it takes hours and hundreds of megs of bandwidth to download? I even tried to download just the antivirus portion and that was still huge, and it also failed halfway, giving me a message that it encountered a problem and had to shut down.
It left half of the McAfee files on the system but nothing that functions.
Anybody have a clue on what I'm doing wrong?
The computer is a Dell Dimension 8400, 3 GB RAM, Windows XP SP3 Home Edition, wired router with HughesNet satellite.
Ex_Brit and Peacekeeper know more about the installation process than I do, but I will hazard a guess that either you still have a residual infection or that the malware that infected you has removed, renamed, or corrupted files and/or registry entries.
What you were infected by is a Java exploit classed by Microsoft as Severe -
Java/CVE-2010-0840.BJ is a detection for an obfuscated malicious Java class applet component that exploits the vulnerability described in CVE-2010-0840. When a user visits a website that contains the applet using a computer that has a vulnerable version of Sun Java, security checks may be bypassed, allowing arbitrary codes to be executed.
If you really need Java, it is vitally important to make sure that it's totally up to date: new Java exploits are frequent, and patches are coming out all the time. Use the Java console in Control Panel to enable automatic updates, and remove all old versions from your system - see Java's advice on this. If you don't really need Java, it might be better to disable it or remove it completely.
Before either of the others can offer specific advice they'll need to know what McAfee package you've got.
You may need something like RKill to check for and kill any malicious running processes before you can proceed with downloading and installing any security software.
Thanks for the info. I've noticed some other problems also. I had a limited user account and the search feature doesn't work. I just get the silly dog and it's blank above him. Usually there is the option to search folders, files, etc. Also, I updated Java to the latest version and now the tab for manually updating is missing. I deleted Java and I'll wait to see if I really need it. Any clue on how to turn the search function back on?
Apologies, I missed your last post when it came in.
Java : I don't know why the manual-update tab is missing. Does your Java Control Panel look like the one below?
Search : I assume you mean from Start-->Search-->For Files and Folders?
I got rid of the animated figures ages ago, and now I can't remember how I did it :-)
The XP Help and Support Center isn't very informative about this, and nor is Search Companion.
I can't even see any information about the file(s) that make up Search, so I can't recommend which ones to re-download if required. The only thing I can think of is to run chkdsk, and see if that fixes anything; and then Start-->Run-->sfc /scannow which will look for any missing or damaged system files and replace them if necessary from the backup store (you may not get the latest versions though, be aware of that).
Message was edited by: Hayton on 22/05/11 18:57:06 IST
I think a Windows Update replaced the Search Companion with a more advanced version of search, forgot what it's called now and with my memory I doubt I'll recall it. There are ways and means of going back to the old search I believe.
However if it's blank or not functioning in the first place then I would say a repair install is required as it would appear that the infection has corrupted Windows.
To do a repair install you would need an XP SP3 disk, do you have one or could you make one?
By the way that Java exploit could have been avoided by keeping Java updated.
Also make sure that Windows is kept up to date as Security Updates are released monthly and sometimes more frequently.
I only use XP now in Virtual Machine form so am a little rusty on this but I'll try my best to offer good advice.
Edit: Just found out what replaced the Search Companion and how to get it back: http://www.winhelponline.com/articles/123/1/How-to-reinstate-Windows-XP-Search-Companion-after-you-i...
Message was edited by: Ex_Brit on 22/05/11 1:25:23 EDT PM
Thanks Peter. The disk that came with my machine only had SP2; Windows Update downloaded SP3. I'm kind of stuck between a rock and a hard place. My satellite connection only gives me so many megs of download a day; when I exceed it, it basically shuts down for 24 hours. So if I plan to stay up all night to use the free time from 2 am to 6 am, I want to be sure the download will work.
I was pretty religious about keeping Windows, McAfee and Java updated. Automatic update was set for all of them. I believe the virus came from my Yahoo email start page. As soon as I opened it the fake alert appeared and it tried to download the xkf.exe, which Malwarebytes called trojan.exeshell.gen and hijack.startmenuinternet. Superantispyware found trojan.agent/gen-fraudtool. It found several other problems but the log disappeared when I restored the system to an earlier date. After I installed Security Essentials it found the Java exploit.
I would like to reinstall McAfee since I have another year and a half on my subscription, but it is making it difficult.
Making it difficult...what errors are you getting now? If the infection is gone then remove Security Essentials, run the McAfee cleanup tool available through Useful Links at the top of this page. Reboot and try the install again.
You must be signed in as a user with Administrative credentials to install software.
When this is sorted out you could make yourself an XP SP3 disk so you'll always have a repair disk handy.
There are a few guides on the web on slipstreaming SP3 into a system disk.
Take your pick. There are more if you decide to do a Google search.
There are also ways and means of repairing XP without a disk. However you may be better off asking questions about that on a Windows help forum.
Thanks Hayton. My Java screen looked like yours but missing the update tab. It was there before I updated but disappeared with the new update. I figured I was still infected so I deleted Java. Is chkdsk the same as the error checking tool? I ran that and it found no errors. Also, does the sfc /scannow command allow you to undo any changes it makes?
I did some searching on the Microsoft support pages and found an article about a similar situation where Search Companion and several other features fail to work. They tell how to use the command regsvr32 jscript.dll to bring it back. I followed their instructions but it did not have any effect on the limited user or other admin accounts I had set up. I have only one admin account that seems to function with the Search Companion. I checked the registry as they instructed and I have the lines they specified. I even replaced the jscript file by renaming it and replacing it with another copy. The version I have is 5.8.6001.23141 in the system32 folder. I have a dozen or so other copies in other IE folders, i386 folders and a few other places but they have different version numbers. I still have not been able to reinstall McAfee, but Security Essentials is updated and I keep doing scans to detect any other bugs that may have slipped in.