I am looking for some urgent help.
I think that I may have downloaded some maliciious virus that will nt allow Mcafee trun on, including realt ime scanning.
Earlier in the day there was some maleware that hijacked intrnet explorere and kept pointing me to a virus removal tool (Antivirus Action). there were sevral other annoying pop-ups as well.
I did system restre based on recomendation and now I cannot tur on Mcafee. not sure it is it realted to the virus OR resore. No pop-ups recently. Ran Stinger sevral times but nothing has been picked up.
http://www.bleepingcomputer.com/virus-removal/remove-antivirus-action that is if you have that malware.. Note DO NOT click on ads top of page just read further down.
Below from a post by Ex_brit
If it is another malware best to follow this
Before doing anything else please read this McAfee article.
If possible is to locate removal tools on the web and that is where Google can be your friend. Be careful what you pick though!
Here are some FREE programs that you can download to get adware/spyware removed from the machine (keep them AND your computer updated!):
NOTE: I have noticed a lot of posters with adware/spyware issues. These products are owned by other companies and aren't something we support. However, they are excellent programs that I would recommend to remove this stuff. If you are having problems removing the adware/spyware from the machine or problems with the product, you need to go to the company that corresponds with the product that you have installed for support.
- we are not responsible for any problems caused by these programs. Most have their own support. Also note that anti-spyware software will often remove all your good cookies (along with any bad ones of course) - so you have to be careful what you delete when the scan finishes.
Users will have to check each website for compatibility. Remember to keep them updated!!
Support Forum: http://forums.superantispyware.com/
Download the free version here:
Rename the setup file and the default folder it creates when you install the program to something new. Do the same with the exe file. Some malware look for know Anti Malware programs and their folders.
Message was edited by: Peacekeeper on 6/12/10 7:44:34 PM
Hi - Thank you so much for the answer.
I did most of the actions last night and it seemed to work ok. I need to do the final part as soon as possible (replacing the host files).
Wil post soon if everything remains fixed. I really appreciate it.
Were you able to get the Real time scanner turned on ?? Get back to us if you still face any issues
McAfee Online Community Moderator
I just finished running everthing and the Malwarebytes caught several items. The systems has been runnning fine. I ran it a few extra times and it came up clean. Thank you so much - this was a major headache.
I had a little trouble deleting and replacing the hosts file. I did it via the Explore function. The Hosts Perm file did not seem to do antything. I am not sure if that is correct (to delete). The file was only 1 kb . If I did anything incorrectly or need to review anything please advise.
I am not sure how important replacing theHosts files is.
Can I delete the RKill, Maleware, and Hosts-Perm files from my destops?
The suggestions in the beeping computer link You should ask them though rkill should be ok to remove, I would for the moment leave Malwarebytes and update and scan with it as a back up regularly. I do.
Can you post what your host file now looks like?
THank you - The following is how the host file looks under drivers\etc:
name Date Modified Type Size
hosts 12/11/2010 9:52 AM File 1KB
When I open the file in Noterpad it look like this:
# Copyright (c) 1993-2006 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
# For example:
# 188.8.131.52 rhino.acme.com # source server
# 184.108.40.206 x.acme.com # x client host
That appears ok for vista. You got vista?