1 2 3 4 Previous Next 33 Replies Latest reply on May 26, 2010 6:14 PM by Tierra


      I'm running Windows Vista Home Premium and update Spyware Blaster, Windows, Malewarebytes, and McAfee Security Center at least once per day and run scans daily with Windows Defender, McAfee, and Malewarebytes. I also have WOT and McAfee Site Adviser and ABP.


      Several days ago after scanning McAfee said there were 2 Exploit-URLSpoof.gen and it said it had quarantined them. I ran another scan and said the same thing.  Every morning scan since and if I run in the afternoon scan I'm getting the same thing and also now there are messages about cookies in Firefox - which I have set not to accept cookies except from a very few sites.


      And there was an "i" over the McAffee shield on the task bar - so I don't think it's getting rid of the problem.  In fact, with each new day the problem seems worse and McAfee isn't really taking care of this problem; although it says it is.


      When I click on the request for more information it sends me to a URL that says that it has 0 results matching:




      Windows defender and Malewarebytes didn't find any problems.


      I also cleared all the cache and cookies several times (do anyway usually when getting off the computer - but this is during usage) after the first scan turned up a problem. I thought I saw something about Firefox cache in the message from McAfee.


      The problems with this keep getting worse and now the cookie problem is getting much worse each day.


      I ran McAfee in safe mode with Networking Support and it Kept getting Real-time scanning is off, even after turning it on repeatedly and it found one error but wouldn't finish scanning.

        • 1. Re: Exploit-URLSpoof.gen

          Hi this is kumar,

          always mcafee  will be disabled in safe mode with networking since the system boots only with the basic drivers in safe mode with networking or safe mode .thats thereason its telling like realtime scanning and the other scannings are disabled .


          Inoredr to delete the temp files and cookies you can do  a mcafee quick clean  .


          also you can go to  Start > Run (or press windows r in your keyboard)> temp > delete the files and folders inside the temp window .


          Go to Start > Run (or press windows r  in your keyboard)> prefetch > delete the files and folders inside the temp window .


          go to Start > Run (or press windows r )> %temp% > delete the files and folders inside the temp window .


          going to  internet explorer > at the very top you will have the menu bar where you have file edit view tools help ( if not press the key "F10 " in your keyboard )


          go to  tools > open " internet options " by  clicking it . Then go to " General " tab and delete the temp filesand cookies and browsing history


          If you have multiple security program (more than one antivirus or antimalware or anti spyware at the same time then due to conflicts between them   some viruses might creep in . try to do   scan with mcafee after doing mcafee quick clean .




          Message was edited by: kumar on 5/19/10 9:29:11 AM CDT
          1 of 1 people found this helpful
          • 2. Re: Exploit-URLSpoof.gen

            I've done all that Kumar suggested and ran another scan and it once again found another


            This continues to happen and now the files say there are several trojans - all


            • 3. Re: Exploit-URLSpoof.gen

              just open mcafee : if its mcafee 2010  go to the navigation and  go to " history and logs " and try to click "threats detected " (scan information ) try to remove virus from there in the scan result  .

              if its 2009 try  clicking " view recent events "> view log> detection log > try to remove the infection from there .


              also still if you are not able to remove the infection try going to safe mode with networking and then  go to  start > computer(my computer ) > local disk or hard disk (os)" c "drive > right click it and initiate  scan by clicking scan which will run for more than an hour .



              also Just try this stinger tool once "http://download.nai.com/products/mcafee-avert/fakealertstinger.exe" click this link and then  click run > run > and click scan now . This will take a long time . once this is done restart the system .

              • 4. Re: Exploit-URLSpoof.gen

                I think I have 2010; however, when I went to

                to the navigation and  go to " history and logs " and try to click "threats detected " (scan information ) try to remove virus from there in the scan result there was no way to remove.

                I tried by going to Quarentine and trusted Items according to help but it only had a button to send to McAfee - I find no buttons or anything to remove a quarantined



                I can't get McAfee to run in Safe Mode with Networking support.


                I ran Stinger fake alert but can't find a log.  It says number of files clean 240283


                Could this trojan have affected my version of McAfee and that's why it's not able to remove but only send?  And why it won't scan in safe mode with networking support?

                • 5. Re: Exploit-URLSpoof.gen

                  McAfee has posted a link in dealing with this stuff. Looks like you may have tried a few suggestions here already.

                  Required Reading - Home User Assistance Malware Troubleshooting


                  Here are a few more suggestions. Try to run Malwarebytes www.malwarebytes.org and SuperAntispyware www.superantispyware.com bot of which are free. It would be advisable to download these from a clean PC and put them on a USB stick. I would suggest you rename the download and also to rename the installation folder as your infected pc may not view these as a threat by virtue of renaming them. If you can get them installed check for the newest updates and run the programs. They will quarantine and clean out what they find and hope that they find your above named exploit and get rid of it for you.


                  Good Luck

                  • 6. Re: Exploit-URLSpoof.gen

                    If you read the first paragraph, you'll know that I have Malewarebytes and keep it updated and run every day and it's not found anything.

                    • 7. Re: Exploit-URLSpoof.gen

                      Yes I read your first paragraph. All I'm saying is your pc with Malwarebytes running has probably immunized itself. That is why I am suggesting you to proceed as I posted by renaming it to something you know, so we can do a workaround to fix your issues.

                      • 8. Re: Exploit-URLSpoof.gen

                        Also when you clean the temp files disable system restore that is /could be where the file is popping up from. When detected did it say where it was?


                        Tom's suggestion can work I used it with my son in Laws PC and  the url deverting malware hid from MWB and stopped updates.

                        • 9. Re: Exploit-URLSpoof.gen

                          I was finally able to delete the files in McAfee - no one said it could only be done in Administrator mode.  However, when I ran again (and it's still running) it's found something again right away.


                          If I remember correctly, the path was in Firefox's cache - which is constantly cleaned out when I log off Firefox.


                          (BTW, it just finished and it's the same Trojan that and says in Firefox's cache).


                          I can't do the trouble shooting tests today probably - but will by tomorrow - is the stinger report run in safe mode also?


                          I don't know much about computers - so how would I rename something? I don't have access to another computer at all.  If the problem is with Firefox can I just uninstall it and reinstall or use another browser?  Please give baby steps for me and let me know what has to be done as an administrator as the only time I go into the administration mode is to update Malewarebytes (and it seems to be updating fine).


                          Thank you.

                          1 2 3 4 Previous Next