3 Replies Latest reply on Nov 22, 2009 1:51 PM by secured2k

    Unexpected bad behavior

      Hello,

       

      I've noticed a strange behavior of my machine lately and I guess it could be a trojan/rootkit/etc. I have MaAfee installed & running since machine was 0km but sometimes MaAfee simply gets disabled and the software begins to tell me "action must be taken, you're not completely safe". I noticed erratic network traffic aswell so maybe, I don't know ...

       

      Well, please find attached the "Homework". Unfortunatelly I can't figure it out by myself what is expected and what is a true invasion

       

      freescan reported nothing (hey, it should work within Firefox too and not only with (ARGHHH) IE!)

       

      Can anyone help ? Tks in advance.

        • 1. Re: Unexpected bad behavior

          I looked over your logs and couldn't find anything major blaring that you have anything suspicious or malicious running on your computer. This doesn't mean the computer is safe, but it is HIGHLY unlikely you have a common virus or rootkit. If you want to double check using a method that would be immune to extremely advanced rootkits, you can try my boot CD I created for difficult to remove malware.

           

          Secured2k BootCD - Malware/Rootkit Removal

           

          The behavior you were referring to might be a bug or flaw in McAfee's recent update and I am told they are investigating the issue. You may want to post in the VirusScan forum or contact Technical Support if you are interested in trying to help locate the source of this problem with McAfee's Techs.

          • 2. Re: Unexpected bad behavior

            Hi Mark,

             

            thanks for your time looking through my data. It possibly is a McAfee bug, but since some bots could install malicious dll code into the McAfee programs to stop them at the "right" point of time I got worried.

             

            In the process I've learned a lot about how infection may occurr this days.

             

            Regards

            • 3. Re: Unexpected bad behavior

              While it's true some malware will try to load inside other program, tools like RootRepeal and GMER would detect if there is hidden code loaded. There was no indication of some bad third party code in your autoruns log which would show pretty much everything that automatically starts up with your computer.