7 Replies Latest reply on Sep 22, 2011 6:19 AM by Nitin Kumar

    Facebook virus/ trojan?

      Hi all,

       

      Like a prize halfwit I've picked up a virus on the home laptop by clicking on a link on a friends facebook account, a "you've got to see this" link. I ran the McAfee virus scan which I set to switch the machine off when it completed. Now when the machine is switched on, even in safe mode a "control panel" comes up (instead of the desktop) with various options (Personal anti virus; web-browser; web firewall; browser settings; media; data; downloads; privacy and security; P2P and Sharing) but none of is branded McAfee, so I'm not sure whether to trust it. I can't seem to get any further through without it telling me licences are out of date or invalid, and that there is no anti-virus or firewall on the machine (there is, updated in November 2009).

       

      Help?!?

        • 1. Re: Facebook virus/ trojan?

          Hi Mike,

           

          No, it does not sound like something to be trusted.

           

          I think you need to create bootable CD, as described in this thread: http://community.mcafee.com/thread/6923

           

          Booting from this CD will allow you to clean the infection before it has a chance to run.

           

          Hope this helps,

           

          Irene

          • 2. Re: Facebook virus/ trojan?

            Thanks Irene.

             

            I've passed the machine to our IT guys at work to see if they can sort my little mess out before I get me hands dirty. I'll give this a go if they can't. I can still use the machine, once I Task Manager the "Control Panel" closed, but the desktop is blacked out and the only way I can use it is to use Task Manager to open things, but it seems everything that is on the machine is still there, even the screensaver photo show runs. The "Control Panel" states that my "licences" have expired (the word licence is misspelt on the bar at the top) and when you try to do anything on it it says you're not allowed, but you can renew your licences for a fee "please enter your credit card details". Yeah right!

            • 3. Re: Facebook virus/ trojan?

              Just an update. The IT guys have done a reat job, and everything seemed to functioning well, however, when I put somethin into a search engine, like yahoo or google, and I clicked on a result, it would take me to another search engine results page. I tried to go to McAfee and it took me to "Stopzilla" whihc is not something I'd heard of, so I backed out. So despite the best efforts it's still not right. Hopefully they can have another go today.

              • 4. Re: Facebook virus/ trojan?

                Search redirection is quite common consequence of such infections. Your IT guys sound quite knowledgeable, so they've probably done it before.

                If not, please come back here and we can discuss how to restore browser defaults.

                 

                Good luck,

                Irene

                • 5. Re: Facebook virus/ trojan?

                  Thanks Irene. The problem is now solved, IT used a program call Malwarebytes, which picked up and removed two items. I then perfromed a system restore to two days before the virus hit, and all is functioning well now.

                  • 6. Re: Facebook virus/ trojan?

                    Hi, I just wanted to let you know the same thing happened to me. I clicked the video a friend posted, but it wasn't from my friend. He said he never posted it. I had to hire a techie to come to my house. He used Malwarebytes and also did a system restore. What did I learn from this. Mcafee is useless and I am wasting my money for a paid subscription. Mcafee did not stop the virus from hitting my machine. Even after I ran virus scan twice, mcafee didn't find the virus, it said my computer was okay. My mission is now to tell everybody I know that mcafee is useless.

                    • 7. Re: Facebook virus/ trojan?
                      Nitin Kumar

                      For some reason this thread is returned high in the google search when looking for "defender.exe" so I'm going to post up some advice and then lock the thread.

                       

                      If you need assistance with a new undetected version of a fakealert infection please start a new thread in our Top Threats space, however first of all do try and remove the infection using our FakeAlert Stinger tool - instructions for which can be found on the link.

                       

                      If you would like to send us a new variant of a defender.exe please follow these instructions. Once you have submitted please post up the analysis ID we respond with in the

                      Top Threats space so that we can follow up on it for you.

                       

                      Hope this helps,

                      Nitin