2 Replies Latest reply on Jan 6, 2010 3:50 PM by Grif

    mcsmtfwk.exe file is infected?

      I am getting a pop up message on my computer when I turn it on that sates " the file mcsmtfwk.exe is infected"  and wants me to activate an antivirus software.  It looks like a generic message that is not from McAfee and it then redirects me to a website that wants me to purchase an antivirus software.  I cannot open the internet, or any other programs on my computer. If I try to open any files or program this message pops up.  It will not allow mcafee to run a scan.  Any ideas on what is happening or what I can do????  I am afraid it is a virus.  The icon on the lower left tool bar is a blue armor shield with a white stripe in it.  Any one know what this is?

        • 1. Re: mcsmtfwk.exe file is infected?

          Without a sample for analysis, we can't tell you much about the file in question. Please submit that file to www.webimmune.net and we will be able to investigate the issue further. Please contact technical support via free chat for further assistance on how to submit samples, if needed.

           

          Please be careful in order to get that file. Then, once submitted your sample, you will receive a confirmation of your submission that included an assigned Analysis ID number identifying your escalation.  Please let us know what is the Analysis ID you received.

           

          Maybe there are other suspicious files on the system, but let's take it one step at a time.

           

          Regards,

           

          Patty Ammirabile
          McAfee Labs

           

          Message was edited by: Patricia Ammirabile on 1/6/10 3:17:13 PM CST

           

           

          Message was edited by: April Jacobs on 1/6/10 3:26:37 PM CST
          • 2. Re: mcsmtfwk.exe file is infected?

            Bakerb,

             

            Although it's a good idea to identify offending files, it appears like you have a Fake antispyware infection and most often, the file identified in such isn't a real file or isn't infected at all. Please try the steps below to clean out the junk:

             

            Download ALL of the tools below on a friend or family member's, CLEAN computer and copy them to a CD or flash drive, then transfer them to the problem machine.

             

            First, please download and run the following tool to help allow the removal programs below to run. (courtesy of Grinler at BleepingComputer.com)
            There are 4 different versions. If one of them won't run then try to run the other one.
            Vista and Win7 users need to right click and choose Run as Admin
            You only need to get one of them to run, not all of them.

             

            Rkill.exe http://download.bleepingcomputer.com/grinler/rkill.exe
            Rkill.com http://download.bleepingcomputer.com/grinler/rkill.com
            Rkill.scr http://download.bleepingcomputer.com/grinler/rkill.scr
            Rkill.pif http://download.bleepingcomputer.com/grinler/rkill.pif
            _____________________

             

            IMMEDIATELY after running the "Rkill" tool above, run/install the Malwarebytes and SuperAntispyware installer and update files from the links below which you've also copied to a CD or flash drive, and transfered to the problem machine. Do NOT restart the computer after running Rkill.

             

            Once downloaded and before transferring Malwarebytes and SuperAntispyware to the problem machine, rename the program installer "mbam-setup.exe" file to something else like "Gogetum.exe", then copy the installer file and the update file to a CD or flash drive.. Transfer the file to the problem machine, then install the "Gogetum.exe" file, then run the update to get the program current.. After that, run a full system scan and delete anything it finds.

             

            Malwarebytes Installer Download Link (Clicking on the links below will immediately start the download dialogue window.)
            http://www.besttechie.net/tools/mbam-setup.exe

             

            Malwarebytes Manual Updater link
            http://www.malwarebytes.org/mbam/database/mbam-rules.exe

             

            Next, install and run a full system scan with the SuperAntispyware program and the manual updater from the links below. As before, you may need to rename the installer file to get the program to install.:

             

            SuperAntispyware
            http://www.superantispyware.com/

             

            SuperAntispyware Manual Updater
            http://www.superantispyware.com/definitions.html
            ____________

             

            In a few situations, in order for the program to run, it was also necessary to rename the main "mbam.exe" file also after installing it.. It resides in the C:\Programs Files\Malwarebytes Antimalware folder....
            _____________________

             

            Hope this helps.

             

            Grif

             

             


             

             

            Message was edited by: Grif on 1/6/10 1:50:53 PM PST