5 Replies Latest reply on May 1, 2010 1:40 PM by fatafelice

    I have a rootkit that McAffee doesn't find...How do I get rid of it?

      I have a rootkit called "Carbonitepreinstaller" that shows up in my processes every time I restart my computer.  I have run several scans, but my McAfee program (which has been updated), does not find or remove this program.  I can't find a McAfee technical support email address (at least not one for a home user), and the chat system isn't working at the  moment.  Anyone have an idea about how I can get rid of this thing?

        • 1. Re: I have a rootkit that McAffee doesn't find...How do I get rid of it?
          k3tg

          See this link as it will assist you in resolving your issue

           

          Required Reading - Home User Assistance Malware Troubleshooting

           

           

          You can contact Technical Support Chat under Useful Links at the top of this page. They are available 24 hours a day.

          • 2. Re: I have a rootkit that McAffee doesn't find...How do I get rid of it?

            I will check out the link, but I the chat is down for service until tomorrow.

            • 3. Re: I have a rootkit that McAffee doesn't find...How do I get rid of it?
              rmetzger

              fatafelice wrote:

               

              I have a rootkit called "Carbonitepreinstaller" that shows up in my processes every time I restart my computer.  I have run several scans, but my McAfee program (which has been updated), does not find or remove this program.  I can't find a McAfee technical support email address (at least not one for a home user), and the chat system isn't working at the  moment.  Anyone have an idea about how I can get rid of this thing?

              Carbonitepreinstaller.exe (Google it), is generally not considered a negative file process. My guess is that somewhere along the line, the Carbonite backup system, (on-line backup stored and managed by Carbonite, Inc. for a yearly fee) was started and possibly not finished. Unless you have a version of this that is infected outside of Carbonite's control, this is generally not a rootkit.

               

              To stop this process from running, you should be able to run MSConfig. Under the Services tab, look for this service and simply uncheck this service so that it no longer starts with your system. Reboot, and check that the service is not running.

               

              I hope this helps. Post back with more questions.

              Ron Metzger

               

               

              Message was edited by: rmetzger on 5/1/10 12:32:46 PM GMT-05:00
              1 of 1 people found this helpful
              • 4. Re: I have a rootkit that McAffee doesn't find...How do I get rid of it?

                I actually Googled it when it first showed up, and several tech forums said it was a rootkit.  I just Googled it again, as you suggested, and got different information.  Interesting. 

                 

                Regardless, I did not download it, and neither did my husband, so it shouldn't be on there.  I did as you said and tried to fix it in MSConfig (had to disable it under 'Startup' not 'Services').  Then when I restarted, I was able to uninstall it.  Hopefully it is gone for good.  Thanks for your help.

                • 5. Re: I have a rootkit that McAffee doesn't find...How do I get rid of it?
                  rmetzger

                  Yes, I believe that you did not 'intentionally' download this. It is common for programs to have 'Opt-out' check boxes on updates to things like Java, Flash, or similar programs with attached toolbars and appended programs that tend to 'pay' the way for these 'free' updates.

                   

                  That said, I think it is wrong for these otherwise needed and required updates to foist these appendages upon unsuspecting people. But the free market . . .

                   

                  Carbonite is not the worst of the programs out there, but I for one do not trust someone else, unseen and uncontrolled, handling my backup data. They are a reputable company, but I am not convinced.

                   

                  So, your desire to remove it from your system makes sense to me, and I concur that it should not have been installed, even partially, without a great deal more Affirmative 'Yes-I-Want-This-Now' approach.

                   

                  Basically, we as a society, need to really watch the 'Opt-Out' check boxes that appear way down on these security updates.

                   

                  Good Catch, and good luck.

                  Ron Metzger