4 Replies Latest reply on Jul 12, 2009 12:48 PM by ghale

    Why did McAfee fail?

      Saturday, July 11, 2009

      Today, I chatted online to your technical support and to your customer service via telephone. It was disappointing.:mad:
      Even though, I have a registered copy of McAfee with Cox Cable, the customer service could find no record of my current subscription. I even called Cox to confirm.
      My McAfee product is up-to-date and is a valid copy through Cox Cable.
      A couple of weeks ago I purchased a retail version of McAfee Security for the other tools not included with the Cox version. This copy has not been installed yet.
      My question is simple, but so far, no one at McAfee has been able to give me an answer.:confused:
      Yesterday, one of my home computers was infected with the following:

      Rogue.PersonalAntiVirus
      Trojan.BHO.H
      Trojan.FakeAlert

      My question is this:
      Even after my computer was infected (protected by McAfee at the time), I did a full scan and McAfee found no infections? :eek: This concerns me very much and I would like an explanation. I used Malwarebytes’ Anti-malware and it found the infections immediately and deleted them without any problems. I’m attaching the log for your review.
      Again, since I have just purchased McAfee Security Suite, I need to decide if I need to request a refund from McAfee.
      Can you help me with my question?

      Thanks.
      Glenn Hale
      Phone and email edited out for your security and privacy - Moderator



      Malwarebytes' Anti-Malware 1.38
      Database version: 2405
      Windows 5.1.2600 Service Pack 3

      7/10/2009 7:23:02 PM
      mbam-log-2009-07-10 (19-23-02).txt

      Scan type: Quick Scan
      Objects scanned: 100186
      Time elapsed: 6 minute(s), 18 second(s)

      Memory Processes Infected: 1
      Memory Modules Infected: 0
      Registry Keys Infected: 3
      Registry Values Infected: 3
      Registry Data Items Infected: 0
      Folders Infected: 3
      Files Infected: 6

      Memory Processes Infected:
      C:\Program Files\PersonalAV\pav.exe (Rogue.PersonalAntiVirus) -> Unloaded process successfully.

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.BHO.H) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.BHO.H) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a77d3539- 581d-450c-9e44-a84c415a6172} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

      Registry Values Infected:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\personalav (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Environment\avapp (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Environment\avuninst (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      C:\Program Files\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
      C:\Program Files\Common Files\Uninstall\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
      c:\documents and settings\All Users\Start Menu\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

      Files Infected:
      C:\WINDOWS\system32\msxmlm.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.
      c:\program files\personalav\pav.exe (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
      c:\program files\common files\uninstall\personalav\Uninstall.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
      c:\documents and settings\all users\start menu\personalav\Personal Antivirus.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
      c:\documents and settings\all users\start menu\personalav\Uninstall.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
      c:\documents and settings\hp_administrator\Desktop\Personal Antivirus.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
        • 1. RE: Why did McAfee fail?
          happy Hi.
          First of all I have to tell u i've had good expiriance about many av programs. Now i use MCAFEE TOTAL PROTECTION 2009.

          Last year i used Kaspersky internet security and it's was looking well. i tested KIS with lot of different kind malwres and kasper. had good rate of detection. Few monts after simply
          i tried install Avira free at first scan, it found 30 trojan-vundo! Unbelievable,i thought!
          I couldn't belive number of missing trojans! It is known that, sometimes av programs faild.
          And Avira had faild with few trojans. I allways have installd Malwarebytes and sometimes make scan,to be sure that my comp. is clean,because malwarebytes can clean all.
          Yesterday I tested McAfee with 2 folders where are full of troj,virus,etc. and it was pass with high rate of detection and definitly i'm very satisfied with McAfee products.
          wink
          • 2. RE: Why did McAfee fail?
            Peter M


            For starters you need to do some research on this subject, you will find that there are many types of malware or fake anti-spyware/anti-virus applications which can fool any antivirus application on the market.

            So giving up on McAfee (or any other anti-virus) on the strength of one or two examples is a losing game, because the next anti-virus will do the same.

            Malwarebytes wont stop most viruses that McAfee will stop as if you read your own report above you'll see that it was a rogue anti-virus that it discovered, which is basically software masquerading as genuine protection software.

            You should make sure that your system is airtight by keeping Windows totally updated at all times with both critical and non-critical updates, plus keep one or two good anti-spyware applications handy just in case, and most importantly, practise safe surfing.
            We recommend some anti-spyware applications here: http://community.mcafee.com/showthread.php?t=136913

            Lastly, never, ever post a phone number and email address on a public forum as spambots roam the web automatically harvesting them.
            I will now edit those out.
            • 3. Thanks for the rersponse
              Peter:

              Thank you for taking the time to respond to my question and helping me feel safe with McAfee products. I know it's a great product, but I just didn't understand. Also, thanks for editing information that I misguidedly posted. My faith is restored!;)

              Glenn Hale
              • 4. RE: Why did McAfee fail?
                Peter M
                You're welcome.