4 Replies Latest reply on Nov 22, 2010 7:39 PM by Hayton

    My computers were recently blocked by a virus that McAfee did not recognize.

      The virus was called Securities Tool and I had to purchase their Antivirus software before I could use the computer again.

      Are you familiar with this product?

        • 2. Re: My computers were recently blocked by a virus that McAfee did not recognize.
          Peter M

          Moved provisionally to Malware Discussion > Home User Assistance.

          • 3. Re: My computers were recently blocked by a virus that McAfee did not recognize.

            Thanks for your notes.

            I really do not wish to open any new antivirus programs till I hear from McAfee.

            • 4. Re: My computers were recently blocked by a virus that McAfee did not recognize.
              Hayton

              Please read these short descriptions of rogue programs before you decide what to do :

              http://www.bleepingcomputer.com/virus-removal/rogue-programs

              http://service.mcafee.com/FAQDocument.aspx?id=TS100767

              and also this document, which contains some of the advice set out below

              https://community.mcafee.com/docs/DOC-1294

               

              "Securities Tool" is not one of the (very many) known rogue programs.

               

              "Security Tool" is. It is scareware. It will try to persuade you to buy a useless and possibly harmful program. If you click on a scareware window, and if you try to run the downloaded program that it tries to persuade you to buy, your PC could become infected with malware. Even if it does not, you've wasted your money on a fake program. McAfee and other AV programs may not detect these because they are not, strictly speaking, viruses; only if the program starts to download known malware will McAfee move to block it.

               

              If the page I linked you to at bleepingcomputer.com shows you a picture of a program that looks the same as the one you've bought, then you've been sold a (potentially dangerous) rogue program.

               

              The information on the page whose link I provided will help you to remove it.

               

               

              Alternatively, you could do the following :

               

              Update your dat files and scan your PC with Virusscan in Safe Mode.

               

              To do this, tap F8 repeatedly while booting up. You'll get a boot screen with choices. Pick Safe Mode. Your PC will boot in a low resolution state as most processes won't be running. Go to "My Computer" (XP) or "Computer" (Vista), right-click the hard drive and select "Scan" from the drop-down menu. You'll see an extra taskbar icon which will show a progress report if you hover over it.

               

              If you think you have a virus infection on your PC do one or both of the following :

              - Run the free McAfee Stinger program from http://vil.nai.com/vil/stinger/ -

                set it to Report Mode (in Preferences) and post the logs of anything it detects.

              - Join the McAfee Getsusp group at https://community.mcafee.com/groups/getsusp30-beta-feedback

                You will have to ask there for Getsusp, which is a Beta program and not yet on general release.

                Before you use Getsusp, you should go to this document

                https://community.mcafee.com/docs/DOC-1323

                and download the PDF file explaining what Getsusp is and how it works, and this document

                https://community.mcafee.com/docs/DOC-1761

                which downloads the installation guide PDF document.

               

              If you want a second opinion, or to be on the safe side, then you can do a scan with the free versions of these tools :

              Malwarebytes and SuperAntiSpyware

               

              If you already have Malwarebytes installed, the virus could be protecting itself against it. In that case, in order to get Malwarebytes running you'll need to rename the executable. Open the C:\Program Files\Malwarebytes Antimalware folder, then rename the "mbam.exe" file and double-click directly on the file to open the program. After updating the program, run a full system scan using Malwarebytes.

               

              Make sure both programs are updated to the latest versions before running them and let them clean anything they find. If they quarantine a file or fail to remove a file, try to get a copy of it and send it to McAfee using the virus submission path described here:

               

              (The following has been copied from a post of Peacekeeper's, to whom I am grateful for saving me some typing).

               

              Send the file to McAfee Labs at http://vil.nai.com/vil/submit-sample.aspx

               

              Zip the file and password-protect it with the password "infected".

               

              You will probably get an autoreply back saying it is infected; reply asking for it to be manually tested.

               

              Include in your first submission :-

              Submission Information
              Please provide the following information along with your sample. It will help us speed the sample review process:

               

              • A list of all files contained in the sample submission, including a brief description of where or how you found them
              • What symptoms cause you to suspect that the sample is malicious
              • Whether any security products find a virus (tell us the security vendor, its product name, the version number, and the virus name assigned to the sample)
              • Your McAfee product information (product name, engine, and DAT version)
              • Any system details that may be relevant (operating system, service packs, etc.)

               

              You now have two answers to your question, one short and one long.

               

              Pick whichever seems to you to offer the better path to cleaning your PC of this program, and let us know how you get on ...

               

               

              Message was edited by: Hayton, fix a couple of typos, change formatting on 23/11/10 01:39:59 GMT