190 Replies Latest reply on Jun 2, 2011 7:37 AM by mjmurra





      Just wanted to keep everyone posted about a minor release of GetSusp version



      + Scans additional registry locations for malware
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\*.*
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\*.*


      - Removed DAT version and date being displayed in GetSusp as the tool is independent of DATs; it uses McAfee GTI for file reputation.


      The product guide and FAQ can be found here:


      Product Guide: https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/22000/PD22668/en_US/GetSusp.pdf

      GetSusp FAQs: https://kc.mcafee.com/corporate/index?page=content&id=KB69385


      I'll be glad to help with any questions you may have.


      Vinoo Thomas
      Technical Product Manager, McAfee Labs



      The latest version of GetSusp is hosted at: http://downloadcenter.mcafee.com/products/mcafee-avert/GetSusp/GetSusp.exe


      Message was edited by: vinoo on 18/7/11 4:55:07 PM IST
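
An added example, not part of the original post and not GetSusp's own code: a PowerShell listing of the entries under the two Active Setup keys named above, so each component's launch command can be reviewed. The `StubPath` value name is standard for Active Setup; the "user-writable location" pattern is a heuristic assumed for this example only.

```powershell
# Added example: enumerate Active Setup "Installed Components" entries for review.
# The two key paths come from the release note; nothing here reflects how
# GetSusp itself evaluates these locations.
$roots = @(
    'HKCU:\SOFTWARE\Microsoft\Active Setup\Installed Components',
    'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'
)

# Assumed heuristic: a StubPath that launches something from a user-writable
# directory deserves a closer look. It is a triage hint, not a verdict.
$reviewPattern = '\\AppData\\|\\Temp\\|\\Users\\Public\\|\\ProgramData\\'

$entries = foreach ($root in $roots) {
    # HKCU may not have the key at all on a clean profile.
    if (-not (Test-Path -LiteralPath $root)) { continue }

    foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
        $stub  = $props.StubPath

        # Components without a StubPath run nothing at logon; skip them.
        if ([string]::IsNullOrWhiteSpace($stub)) { continue }

        [pscustomobject]@{
            Hive      = ($root -split ':')[0]      # HKCU or HKLM
            Component = $key.PSChildName           # usually a GUID
            Name      = $props.'(default)'         # friendly name, if set
            StubPath  = $stub                      # command run once per user
            Review    = [bool]($stub -match $reviewPattern)
        }
    }
}

# Entries matching the heuristic are listed first.
$entries | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

Reading HKLM does not require elevation; entries flagged `Review` should be checked against the file on disk (signature, reputation) before anything is removed.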
        • 1. Re: GetSusp

          I can't figure out how to kill this virus ... HELP please!

          I don't know which one of the logs you need.


          When I boot up on safe mode I get the blue screen of death and says that windows detects a virus.

          We run McAfee software on all computers in office .. no idea how this one got by.

          Please HELP!



          • 2. Re: GetSusp

            Thanks for posting the password. Attached is what I hope you need to help me out. I am running Windows 7 Ultimate and Internet Security 2010. I started seeing Antivirus Action after what appeared to be a Java Update downloaded.

            • 3. Re: GetSusp

              Thanks for posting the logs. Next time please post the entire gsusp.zip file that gets created.


              Both of you are infected with different variants of the same Trojan. Detection for these has been added to the DATs as FakeAlert-SpyPro.gen.ak Trojan.


              md5: c110915658c2c5ea52e50079145216f6


              md5: 69148440abb83b5d667e76eb0e07952c

              • 4. Re: GetSusp

                Hey, I will start by saying I am rather hopeless when it comes to computers other than following instructions. I was infected with the Antivirus Action virus, and after following the steps on the website posted on the Antivirus Action post I thought I had rid my computer of it, but on startup in normal mode it started to run again. Although I have disabled its execute order, internet is not running properly, so I couldn't post the GetSusp report directly.


                Also, I was infected with the Google redirect virus a while ago and was not sure how to get rid of it.


                Anyway, thank you for your help.

                • 5. Re: GetSusp



                  No worries. The forum exists to help you. The culprit file is:




                  Reboot into safe mode and you should be able to delete this file

                  • 6. Re: GetSusp

                    Hi Vinoo,


                    It appears you are the expert on the Anti Virus Action infection. I was finally able to run GetSusp, however not too technical to figure out what I need to delete. I was wondering if you could take a look at my results file and let me know what files I should delete.


                    Thanks in advance

                    • 7. Re: GetSusp



                      It appears you've uploaded the same GetSusp Results file that @Newbie had uploaded in the previous post.


                      Could you post the gsusp.zip file that gets created in the same location from where getsusp.exe was executed please?



                      on 18/10/10 10:00:05 AM IST
                      • 8. Re: GetSusp

                        Thanks Vinoo.

                        Ok, so I’m an idiot.  How do I search/find this file? I'm in safe mode but can't locate the path.



                        Message was edited by: leenie on 10/17/10 11:49:51 PM CDT
                        • 9. Re: GetSusp



                          I have been trying to open the GetSusp with no luck. I was able to save it to my desktop but the Antivirus Action infection has attacked my laptop. No applications will open with the exception of Firefox. Please help! One thing I did manage to run in safe mode was Stinger. I have to end it early but it did catch a trojan. Now I cannot run msconfig to get back into safe mode.
