1 2 Previous Next 15 Replies Latest reply on May 13, 2010 6:26 PM by exbrit

    Cannot update McAfee, Spybot, Adaware, or even Windows...

      I cannot update McAfee, Spybot, or Adaware, and nothing is detecting a problem. Windows Update even doesn't work (it always used to...)

       

      I think my browser is hijacked! And I don't know what to do to fix it. For the past few days, some websites were not working...I thought they were down, but now I think it is something malicious that is trying to prevent me from using websites...

       

      When I go to download a manual update for any of the above, the website "cannot be found".

       

      I have a Compaq Presario SR5130NX, running Windows Vista. Please, please, I need a serious fix!

       

      Thanks

       

       

      on 5/12/10 7:11:49 PM CDT
        • 1. Re: Cannot update McAfee, Spybot, Adaware, or even Windows...
          exbrit

          Things may work in Safe Mode with Networking.

           

          See http://community.mcafee.com/docs/DOC-1294

          1 of 1 people found this helpful
          • 2. Re: Cannot update McAfee, Spybot, Adaware, or even Windows...

            I'm sting(ing) right now in safe mode. I will try to updates through this too...

             

            EDIT: I thought I'd never be happy to say this, but stinger found a trojan! But I had to scan my d: drive (restore and backup drive)...it found 2 instances so far, but I got it scanning on high heuristics and even scanning boot sectors, so it might be an hour or two...here is what Stinger found so far though:

             

            d:\hp\apps\APP17696\src\install\games\bookwormdeluxe-setup.exe\43.nsis

                 Found the Artemis!FD2A81A6833D trojan !!!

            d:\hp\apps\APP17696\src\install\games\chuzzledeluxe-setup.exe\40.nsis

                 Found the Artemis!6544E311EB66 trojan !!!

            d:\hp\apps\APP17696\src\install\games\jewelquest-setup.exe\47.nsis

                 Found the Artemis!C8395752B4AF trojan !!!

            C:\GamepotUSA\FantasyEarthZero\FEzero_client.exe

                 Found the Artemis!7A63A6B7BDDE trojan !!!

             

            So any info on this? I'll post more if/when they come...

             

             

            Message was edited by: UnknownStory on 5/12/10 10:48:42 PM CDT
            • 3. Re: Cannot update McAfee, Spybot, Adaware, or even Windows...
              exbrit

              It should be noted that Artemis detections are sometimes false and in your case it appears not to like some games.  I'm not saying that's the case here but Artemis is the name given to unknowns which are sent to McAfee.  So I moved this from Hoime User Assistance to Artemis Discussions.

               

              See this article on what to do with Artemis: http://community.mcafee.com/thread/2016

               

              Also:  What is Artemis & Information needed for possible Artemis false positive investigations

               

               

              Message was edited by: Ex_Brit on 13/05/10 7:13:44 EDT AM
              1 of 1 people found this helpful
              • 4. Re: Cannot update McAfee, Spybot, Adaware, or even Windows...

                I'm sting(ing) right now in safe mode. I will try to updates through this too...

                 

                EDIT: I thought I'd never be happy to say this, but stinger found a trojan! But I had to scan my d: drive (restore and backup drive)...it found 2 instances so far, but I got it scanning on high heuristics and even scanning boot sectors, so it might be an hour or two...here is what Stinger found so far though:

                 

                d:\hp\apps\APP17696\src\install\games\bookwormdeluxe-setup.exe\43.nsis

                     Found the Artemis!FD2A81A6833D trojan !!!

                d:\hp\apps\APP17696\src\install\games\chuzzledeluxe-setup.exe\40.nsis

                     Found the Artemis!6544E311EB66 trojan !!!

                d:\hp\apps\APP17696\src\install\games\jewelquest-setup.exe\47.nsis

                     Found the Artemis!C8395752B4AF trojan !!!

                C:\GamepotUSA\FantasyEarthZero\FEzero_client.exe

                     Found the Artemis!7A63A6B7BDDE trojan !!!

                 

                So any info on this? I'll post more if/when they come...

                 

                 

                Message was edited by: UnknownStory on 5/12/10 10:48:42 PM CDT

                 

                EDIT2: Alright, here is the Stinger Log:

                 

                 

                Scan initiated on Wed May 12 21:30:34 2010


                d:\hp\Apps\APP17696\src\install\games\bookwormdeluxe-setup.exe\43.nsis


                     Found the Artemis!FD2A81A6833D trojan !!!


                d:\hp\Apps\APP17696\src\install\games\chuzzledeluxe-setup.exe\40.nsis


                     Found the Artemis!6544E311EB66 trojan !!!


                d:\hp\Apps\APP17696\src\install\games\jewelquest-setup.exe\47.nsis


                     Found the Artemis!C8395752B4AF trojan !!!


                C:\GamepotUSA\FantasyEarthZero\FEzero_Client.exe


                     Found the Artemis!7A63A6B7BDDE trojan !!!


                C:\Nexon\MapleStory\HShield\ehsvc.dll


                     Found the Artemis!6B133C25A746 trojan !!!


                C:\Nexon\MapleStory\HShield\Update\patch\39\ehsvc.dl-\ehsvc.dl-.out


                     Found the Artemis!6B133C25A746 trojan !!!


                C:\Nexon\MapleStory\HShield\Update\patch\39\hsupdate.ex-\hsupdate.ex-.out


                     Found the Artemis!7D1DC69E44C1 trojan !!!


                C:\Program Files\Alcohol Soft\Alcohol 120\AXShlEx.dll


                     Found the Artemis!541C9A66CE74 trojan !!!


                C:\ProgramData\NexonJP\NGM\NGMDll.dll


                     Found the Artemis!14FDF09CB5E3 trojan !!!


                C:\ProgramData\NexonUS\NGM\NGMDll.dll


                     Found the Artemis!F7B91CDBC527 trojan !!!


                C:\Users\All Users\NexonJP\NGM\NGMDll.dll


                     Found the Artemis!14FDF09CB5E3 trojan !!!


                C:\Users\All Users\NexonUS\NGM\NGMDll.dll


                     Found the Artemis!F7B91CDBC527 trojan !!!


                C:\Users\C J\AppData\Local\VirtualStore\Program Files\Gameforge4D\AirRivals\1.0.0.13_1.0.0.18.zip\AirRivals.atm


                     Found the Artemis!D9D8D1DDB394 trojan !!!


                C:\Users\C J\AppData\Roaming\Mozilla\Firefox\Profiles\tg0wbeu2.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07103010.dll


                     Found the Artemis!66820810D5D4 trojan !!!


                C:\Users\C J\Documents\Downloads\NexonGameManager.exe\0019dec8.EXE


                     Found the Artemis!F7B91CDBC527 trojan !!!


                C:\Users\C J\Documents\Downloads\NexonGameManager.exe\000b8d00.EXE


                     Found the Artemis!F7B91CDBC527 trojan !!!


                C:\Users\C J\Documents\Downloads\TVUPlayer.exe\23.nsis


                     Found the Artemis!FEC75DAFED2B trojan !!!


                C:\Users\C J\Games\Emu\Gen, SMS, GG\gens+.exe


                     Found the Artemis!DDFE3AAA44E9 trojan !!!


                  Number of clean files: 656660


                  Number of Trojans: 18

                 

                But it looks like it is all false positives...

                 

                 

                And I just completed a "Right-Click Scan" on the "Computer" and it came up with no hits. So what is my next action?

                • 5. Re: Cannot update McAfee, Spybot, Adaware, or even Windows...
                  exbrit

                  Any false detections should be submitted as per http://community.mcafee.com/thread/2016

                   

                  However as this thread started withy you obviously having some kind of infection I would hold off doing that for now.

                   

                  Try doing this in Safe Mode with Networking (reached by tapping F8 while booting up).

                   

                  Go to http://www.malwarebytes.org/mbam.php and look for the FREE version.

                   

                  Save the download as another name to your desktop, name it 123456.exe or similar.

                   

                  Click on that and install it, update it and then run it - full scan and let it remove anything it finds.  Reboot if asked to.

                   

                  See if that cures what you reported in your first post.

                  • 6. Re: Cannot update McAfee, Spybot, Adaware, or even Windows...

                    My hijacked browser is preventing me from visiting the website.

                     

                    Edit: but I think I can get it off of CNet

                     

                     

                    Message was edited by: UnknownStory on 5/13/10 2:24:27 PM CDT

                     

                    Edit2:

                     

                    Here is the log for mbam:

                     

                    Malwarebytes' Anti-Malware 1.46

                    www.malwarebytes.org


                    Database version: 4097


                    Windows 6.0.6002 Service Pack 2

                    Internet Explorer 8.0.6001.18882


                    5/13/2010 1:49:13 PM

                    mbam-log-2010-05-13 (13-49-13).txt


                    Scan type: Quick scan

                    Objects scanned: 141217

                    Time elapsed: 14 minute(s), 41 second(s)


                    Memory Processes Infected: 0

                    Memory Modules Infected: 0

                    Registry Keys Infected: 1

                    Registry Values Infected: 0

                    Registry Data Items Infected: 3

                    Folders Infected: 0

                    Files Infected: 3


                    Memory Processes Infected:

                    (No malicious items detected)


                    Memory Modules Infected:

                    (No malicious items detected)


                    Registry Keys Infected:

                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{rfr4710v-0ujj-2134-33vh-8l3dm3e8ew6d} (Generic.Bot.H) -> No action taken.


                    Registry Values Infected:

                    (No malicious items detected)


                    Registry Data Items Infected:

                    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.32,93.188.166.159 -> No action taken.

                    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces \{8608992a-b5ef-4553-917a-1d785016bafe}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.32,93.188.166.159 -> No action taken.

                    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces \{bcedbdef-0775-40fe-aec2-172494db3901}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.32,93.188.166.159 -> No action taken.


                    Folders Infected:

                    (No malicious items detected)


                    Files Infected:

                    C:\Windows\System32\spool\prtprocs\w32x86\00002ded.tmp (Rootkit.TDSS) -> No action taken.

                    C:\Users\C J\AppData\Roaming\cglogs.dat (Malware.Trace) -> No action taken.

                    C:\Users\C J\Local Settings\Temporary Internet Files\ijjistarter2FxB.exe (Trojan.Agent) -> No action taken.

                    Scary! What is my next step, oh wise wizards of the anti-maliciousness!

                     

                     

                    Message was edited by: UnknownStory on 5/13/10 3:03:32 PM CDT
                    • 7. Re: Cannot update McAfee, Spybot, Adaware, or even Windows...
                      exbrit

                      It prevents you even in Safe Mode with Networking?  That's Safe Mode with the internet.

                      • 8. Re: Cannot update McAfee, Spybot, Adaware, or even Windows...

                        Nope, it's blocking me even in Safe Mode.

                        Spybot's website is blocked, windows update, certain sections of McAfee... this is a tough little piece of malware.

                        • 9. Re: Cannot update McAfee, Spybot, Adaware, or even Windows...
                          exbrit

                          That's too bad.  If it were my machine I would format and reinstall the system at this stage.   Failing that I would go for paid virus removal or a PC repair shop

                          1 of 1 people found this helpful
                          1 2 Previous Next