I have the same problem. Help plz.
I guess the first thing to do here is to try & run our fakealert stinger -
Hopefully, this will eridcate the broswer modification & the presence of this fake AV program. If it doesn't then we'll have to arrange for you guys to submit suspicious files to our support group for further analysis.
Additionally, it may be worth running the stinger in safe mode.
I tried the Fakestinger but to no affect. I re-ran McAfee Scan and it found 4 threats (attached). I shutdown & re-booted but the problem is still there. IE doesn't either (I think because of a safety measure - DEP?)
What else can I try?
In case the attachment doesn't open here is the detail of the report:
Elapsed time: 53:35
Scan engine version: 5301.4018
DAT file version: 5881.0000
Last update: November 21, 2009 (although I often click update now, this date hasn't changed?)
Completion status: Scan completed
Files scanned: 273944
File threats detected: 4
Files cleaned: 0
Files deleted: 4
Registry threats detected: 0
Registry threats cleaned: 0
Cookie threats detected: 0
Cookie threats cleaned: 0
In Type Object Threat Status
File Trojan C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\ Artemis!842DE988A5E5 Deleted
(This is repeated again, but in lower case)
File Trojan C:\WINDOWS\SYSTEM32\6A.TMP Generic PWS.y!bvz Deleted
File Trojan C:\WINDOWS\system32\6A.tmp Generic PWS.y!bvz Deleted
Hope someone can offer a suggestion as I am stuck! I have re-run the stinger in Safe Mode too, but no difference.
If I hit Internet Explorer icon several times, I eventually get a pop-up box referring to DEP - Data Execution Prevention, indicating that Windows is protecting memory by preventing executables running from protected memory locations. Great - but shouldn't Firefox do this too? DEP merely indicates the Trojan is still there.
Message was edited by: Marlin on 03/02/10 18:45:01 CST