BTW the firewall can block an IP this for 2010 version
Go to web and email protection
Connections and add the ip as blocked.
Of course with the firewall disabled better to clear virus first.
I think you need to uninstall Mcafee asap and reinstall. Do this via
BUT First follow the below steps
Step 1: Ensure Windows and McAfee are up to date
Run Windows Update, and also update on your McAfee software. SecurityCenter must be green and show that protection is enabled. If it is red, please post what item shows not protected.
Step 2: Run the FakeAlert Stinger
The most common malware is referred to as FakeAlert. It looks like valid security software.
- Please read this and follow all instructions: Important notice if you think you have a virus
- Please also read this and follow all instructions: Recognizing and avoiding Rogue Software or FakeAlert Trojans
If you're still having problems, try, the following:
Step 3: Run diagnostic scanners
- Restart your computer and press F8 repeatedly while booting up. You'll see a boot screen with choices.
- Using your cursor keys, select Safe Mode. Your PC will boot in a low resolution state and most processes will not be run.
- Go to My Computer (in XP) or Computer ( in Vista / 2007),
- Right-click the hard drive and select Scan from the drop-down menu. You'll notice an extra taskbar icon. If you hover over it, it will display a progress report.
- After the scan completes, make a note of anything it detected.
- Run the Stinger you downloaded from the instructions above, but this time set the options to Report Only, and set Artemis to VERY HIGH.
- Post to the community what (if anything) the Safe Mode scan reported, and also paste in the report from Artemis.
Step 4: Submit a sample to McAfee Labs
If you know which file is infected, please upload it using any of the methods described here: How to submit a sample to McAfee Labs.
There is always a gap in protection between when a new threat hits the Internet and a security vendor such as McAfee becomes aware of the threat and and combats it. McAfee uses Artemis technology to narrow that gap, but if we miss something, we must receive a sample of it. It could be a new variant that hasn't been discovered yet. If we have a DAT for it, the automated system will send you that DAT. If we don't yet, your sample will be assigned to a McAfee Labs Engineer for investigation.
Step 5: Remove the Virus:
Self Virus Removal
McAfee provides many free tools to assist you. In addition to our Virus Information Library: http://vil.nai.com/vil/default.aspx, where you can find information on thousands of viruses and malware, you can download diagnostic tools here: http://vil.nai.com/vil/averttools.aspx.
There are also many freely available tools on the Internet. McAfee urges caution in their use and assumes no liability for them.
Two of the most commonly downloaded tools are:
http://www.malwarebytes.org/mbam.php (This can also be downloaded and run from Safe Mode with Networking Support)
Be sure to use the free versions.
IMPORTANT: Neither of these tools is intended for use as a full protection virus scanner. They are best used for specific times when new malware, or a new malware variant, has released and conventional methods of removal have not worked.
McAfee Assisted Virus Removal
McAfee provides a fee-based Virus Removal Service which can be accessed here:
If no virus is detected, the fee will be refunded to you.
Our volunteer and employee moderators are happy to assist you within our best efforts here in the community. Please perform the initial steps 1-3 above and post the reports they generate in your initial thread. That way hopefully, we can get right to the troubleshooting.
I did just about everything you told me the thing is the this coder is some real pro or something i've done a scan with three scanners McAfee Kasperky and virustotal and it came out false positive. I have no clue what to do anymore im no coder or anything so i dont know how to fix this. I do know how it works because i saw a post in another blog from people go the same virus from the same place but apperantly this guy changes his methods frewuently because diffirent people have diffirent connection to diffirent ports in diffirent ways. So im just completly lost. Acording to a person the proof that it is a virus is that it writes iteself into the following directorys:
%APPFOLDER% (c:/programm files) under the name ffqsdff and under the name Cerebrus or other names to which he changes frequently
Both folders are hidden.
The explorer.exe gets code injected.
as soon as your explorer runs, your system establishes the connection to the ip-adress!!
and no, the ip-adress is not an auth server. cuz as soon as you turn on your pc, the explorer.exe establishes the connection to the ip.
Im not sure if its a worm or what but i need to know how i can get rid of this or block the port from acces. If Mcafee has some options or programs specificlly for this
or is this my problem now? Should i submit the file for inspection? Will Mcafee clean it once it is aware of it? Im just lost i need some help anything will be appreciated. Huge thanks in advance.
Submit the file asap the submision path is here if they say nothing there reply asking for deeper manual inspection and say why.
I showed how to IP block and port blocking can be done in a router and system ports blocked by
Block access to an existing system service port
You can close an existing port when you want to block remote network access for a system service on your PC.Task
1 Open the Firewall settings page. 2 Click Ports and System Services. 3 From the list of system services, clear the checkbox next to the port that you want to close. 4 Click Save.
Unsure if this helps