Firefox just crashed on me as I was finishing a reply to this question, and my reply has not been autosaved ....
What's your OS? 32-bit/64-bit? Can you get access to Explorer (for files), Task Manager (to kill processes), Start menu (for DOS command window)?
Can you check with Windows Update to see if there are any updates (Priority or Custom) outstanding, and then right-click on the McAfee icon in the system tray and select Check for Updates. Download and install anything that's ready, then reboot.
Process Explorer and Autoruns from Sysinternals if you need to look more closely at running or startup processes; possibly others. The important one at the moment is Malwarebytes, that works well on most of these fake programs.
There is a McAfee program called GetSusp available, but it's a Beta program - you have to join this group and ask for it to be made available. It works by a process of elimination - take out all the entries known to be okay, then examine the rest. It might be useful here.
Thanks for your response.
I was able to get it removed after spending half a day working on it. To answer your questions I was on a 32-bit XP machine. I was able to get to Explorer twice after rebooting but it would force me to reboot then was unable to get out of the fake "safe mode" even when booting into real safe mode. Once in that fake safe mode I was only able to click on the messages it was presenting to me which were some fake hard drive errors and to scan and purchase their software to repair. The times I was able to get into Windows the task manager was grayed out. Through some other searches I was able to pick a couple things from different people that allowed me to get to what I needed to repair. Here's what I did:
- Boot into Safe Mode Command prompt
- Enable task manager - REG add HKCU\Software\Microsoft\Windows\CurrentVersionDisableTaskMgr /t REG_DWORD /d 0 /f\Policies\System /v
- From command prompt ran explorere.exe to get into Windows Explorer
- Most of the files were located in documents and settings\all users\application data - deleted those (they keep re-appearing so they don't stay deleted)
- Ran Malwarebytes but once it "cleaned" it, it put itself right back
- Ran Combofix - 1st time it could not install Windows Recovery Console since I had no network connection but it seemed to have removed most of it.
- I was able to run windows normally at this point; however, any internet searches were being redirected. I couldn't find any proxy settings or dns entries so I ran Combofix again now that I had a network connection. It ran succesfully and everyting seems back to normal at this point.
- Ran Malwarebytes again and it did not find anything this time.
I just say that Combofix has saved me on several occasions! I haven't once had it not work for me. this time though it was just so difficult to get to a point to where I could run it. What made this even more frustrating is trying to search for resolutions because every search returns results about actual safe mode. I hope this helps somebody!
If you have any further problems with this, be sure to repost and let everyone know. One poster elsewhere claims that the program manged to re-establish itself after he thought it had been cleaned.
I just noticed that the links I gave were obscured by SiteAdvisor's checking security blanket. They were to
The steps you took were some of those recommended in those threads, but I left it to you to decide whether to follow them.
Have you got rid of the redirection problem?