1 2 Previous Next 10 Replies Latest reply on Dec 13, 2010 9:59 PM by steelhorse777

    Malware and virus still present after full scan

    Danii

      I'm a long time McAfee user, as well as Malwarebytes.

       

      I seem to have a problem which is rare. I use Firefox only.

       

      On one user ID only in Vista I am getting popups that all say internet explorer provided by Dell at the end of them.

       

      one of them says (111211url.cptgt.com internet explorer powered by Dell).

       

      also there seems to be a radio broadcast playing in the background even when I close the browser.

       

      Couple of times I have closed the browser and it opens back up to one of these things that says windows anti phishing ....which I think is a false thing.

       

      Yesterday It was bad I ran McAfee full scan and it coufght and quarantined one virus, and all seemed well.

       

      Today the pop ups and phantom radio voice in the background even when Firfox is closed down and only desktop is showing.

       

      Can anyone help to get rid of this whatever it is????  McAfee and Malwarebytes were updated before the scans.

        • 1. Re: Malware and virus still present after full scan
          Danii

          This thing is now closing down Firefox.

           

          Can anyone help?

          • 2. Re: Malware and virus still present after full scan

            The same thing just happened to me the other day.  I've got the latest McAfee SecurityCenter running, but it says there's no infection.

             

            Since I know something is fishy, I tried using a bunch of other AV software...Microsoft's Security Essentials and Spybot Search and Destroy both said I was fine too.

             

            When I used Norton's free PC checkup, however, it says there's four viruses on my system...but it won't tell me what they are without paying 100 bucks to have them clean it for me...thanks for nothing    Digging around a little, I found a log file from the free checker that says I have "Trojan.Gen.2" and "Trojan Horse".  Apparently, both are .dll files that are sitting in my appdata/local/temp directory and called by registry entries.

             

            I'm more then a little concerned that McAfee didn't find these virus/trojans though 

            • 3. Re: Malware and virus still present after full scan
              Peacekeeper

              https://community.mcafee.com/message/163726#163726

               

              Seems same type or trojan. This appears very new so will ask around at tomorrow's mod meeting but first try what I posted here .The getsup suggestion is a big possibility and you get a reply fast. It also feeds Mcafee AV filesit picksup  to add to their detection dat files.

              • 4. Re: Malware and virus still present after full scan

                Thanks!  I'll look into the tools you suggested.  Not sure what good my log files would be now though, as I've been slowly, manually hacking away anything I realize as infected.

                 

                I can tell you exactly how I got infected though.  It was via Facebook.  All I did was look at a friend's wall post and suddenly all hell broke loose.  It was a drive-by download that first presented as Vundo and evolved from there....

                • 5. Re: Malware and virus still present after full scan
                  Danii

                  jmeessem..........that is exactly what happened to me only in Myspace...........the exact same thing.

                   

                  Those social networks are being targeted.........it happened Sunday morning  Dec 12 to me.

                   

                  I wonde if this is going to be a huge problem.......meaning many many people.

                  • 6. Re: Malware and virus still present after full scan
                    Peacekeeper

                    That is what I am asking in 12 minutes

                    • 7. Re: Malware and virus still present after full scan

                      I have the same problem.  I have made sure that Mcafee is up to date and I have run a full scan but the scan does not detect anything.  I then ran Malwarebytes Anti-Malware and it detected Registery Values Infected:

                      Hkey_Current_User\Software\Microsoft\Windows NT\CurrentVersion\winlogon\Shell (Trojan.Agent)

                      Hkey_Current_User\Software\Microsoft\Windows\CurrentVersion\Run\iqkvcoyd (Roque.AntivirusSuite.Gen)

                      Also Files Infected:

                      c:\users\administrator\Appdata\Roaming\microsoft\windows\start menu\Programs\thinkpoint.lnk (Rogue.ThinkPoint)

                      c:\users\administrator\Appdata\Roaming\sdhkryu.bat (Malware.Trace)

                      c:\users\administrator\Appdata\Roaming\agtyjkj.bat (Malware Trace)

                      Malwarebytes indicated that all of the above was Quarantined and deleted successfully, however whenever I open Internet Explorer the Malware or the Trojan keeps opening up other windows using Internet Explorer which takes me to various websites that say I have won a gift card or something like that.  Is this the ThinkPoint Virus or what do you call it?

                       

                      Why isn't Mcafee protecting my computer from these Trojan or whatever you call them????

                      • 8. Re: Malware and virus still present after full scan
                        Peacekeeper

                        It is new there is always a lead time follow the link above and get the getsusp program Vinoo will help you

                        https://community.mcafee.com/message/163726#163726  go to the getsusp details jion its forum and download and run getsusp.

                         

                         

                        Message was edited by: Peacekeeper on 14/12/10 12:07:42 PM
                        • 9. Re: Malware and virus still present after full scan

                          It appears that a Trojan or Malware has taken control over my pc.  I did a control, alt, delete and under Processes I highlighted various programs like iexplore.exe and right-clicked and went into properties, then clicked on the Security tab and it lists TrustedInstaller as one of the users and it has Full Control, Modify as well as Read & Write permissions.  When I log in I only have Read & Write permissions.  Is there anyway to remove this TrustedInstaller so I can get back control of my pc????  I think that is why I can't get rid of this damm virus.

                          1 2 Previous Next