2 Replies Latest reply on Sep 26, 2010 2:04 AM by vinoo

    fake windows defender has taken over internet connection - what can we do now?

      We have a Dell computer running XP.  We have been running McAfee continuously since we had the computer, and always update it, so we thought we were protected.   Earlier this week, we noticed some strange behavior, so we shut the computer down and got on the online chat on another computer.  The person in the chat automatically refered us to the $89 virus removal service without asking questions or trying to figure out what the problem might be.  We were disappointed in the lack of help, especially after subcribing for many years, so we turned the XP back on and used the McAfee scan, which told us everything was updated and fine.  The computer seemed to work OK for a day, then yesterday we started getting messages asking us for credit card numbers for antivirus protection.  Looking it up on the web (on the other computer) we found it was a noted av.exe file.  Going back to McAfee, we found the stinger file in the community and tried that.  It seemed to work, identifying four trojans including "alert wwsec trojan".  Unfortunately, it didn't phase the fake anti virus, it seemed to make it worse -- now it has taken over the internet connection on that computer, so we can't even try use the virus removal service.    What can we do now?

        • 1. Re: fake windows defender has taken over internet connection - what can we do now?
          maziz

          Hi

           

          It is possible that it may just be the web browser that has been hijacked. In which case, you may be able to get around this by downloading another free browser and installing it on the machine. You may have to use another clean machine to download the installation files for the browser onto a removable media e.g. CD or USB and then transfer the files over to the affected machine and then run them on the machine.

           

          e.g. You may be using Internet Explorer to browse and may have to download alternative free browsers like Mozilla Firefox or Google Chrome

           

          If this works then you have temporarily bypassed the browsing issue but I would still recommend that you refrain from browsing on this machine, especially to sites which require a Username and Password as you dont know what may be on the machine.

           

          Can you please follow these instructions initially but also let me know what you use as your primary browser and which version e.g. Internet Explorer version 7.0 or 8.0 etc

           

          Thanks

          • 2. Re: fake windows defender has taken over internet connection - what can we do now?
            vinoo

            If you suspect you're infected and have trouble finding what is causing the infection, I'd suggest giving this handy tool a try.

             

            "McAfee GetSusp is intended for users who suspect undetected malware on their system. By using a combination of clever heuristics and querying McAfee's online database of known clean files to gather suspicious files, GetSusp eliminates the user's need for deep technical knowledge of computer systems to isolate undetected malware. McAfee GetSusp is recommended as a tool of first choice when analyzing a suspect machine."

             

            Get it from here:

            https://community.mcafee.com/message/148081#148081

             

            Once GetSusp identifies and collects the suspect files, post the logs here and we community members can help.

             

            Regards,

            Vinoo Thomas

            Technical Product Manager, McAfee Labs