6 Replies Latest reply on May 25, 2011 4:56 PM by tcgsd

    Malware identified, need help removing

      I've identified a file I believe to be malware - iwv.exe. I've run a quick & full scan using McAfee and it did not find it. I tried to use the Stinger product, but was unsuccessful. If I rename or suspend the file, it seems to make explorer.exe stop working. I find references on the internet to this file being a problem back in March 2010. Any help or assistance would be appreciated. It doesn't seem to cause problems, except giving the screens I've seen other posts for the FakeAlert trojan. Please help!

        • 1. Re: Malware identified, need help removing
          Hayton

          It could be associated with an attempt to install a fake antivirus program on your system. It doesn't look like it's a serious issue, although if explorer.exe is affected when you try to remove it that implies there's something else active associated with it.

           

          Download Malwarebytes and run it a couple of times in normal mode; that should find anything that's there. If you haven't got Microsoft's Windows Defender, it might be an idea to install that too - it guards against spyware, but most importantly watches your Windows settings like a hawk and lets you know if anything tries to change them.

          • 2. Re: Malware identified, need help removing

            After running McAfee custom scan, it seems I've removed the pop-ups. Also, that file - iwv.exe - is gone. However, the weird behavior is now occurring. I can open some programs - Excel, Process Explorer - but for others I get the box that asks me to choose a program. I've been able to browse, and find some programs, but I'm unable to open Outlook - there are some switches on the shortcut that I can't seem to figure out to get these to work. It's almost like a registry entry has been changed. Can anyone tell me what setting might have been affected? Will Malwarebytes, suggested by Hayton, fix the registry? I still have the file iwv.exe in a zip that I was planning to send to McAfee. Do you think I should put it back?

            • 3. Re: Malware identified, need help removing

              So after another hour of reviewing Malwarebytes forums, and googling, I found an answer - http://en.kioskea.net/forum/affich-214653-my-computer-can-t-run-exe-files

              From this article, there was a link for different .reg files to fix specific areas of the registry. I downloaded and ran the one that added back the default .exe settings, and everything is working now.

              Which forum would be best to post some questions regarding how I can beef up my security (without, hopefully, bringing my computer to a screeching halt!)? I have some very obvious questions surrounding this entire episode that I'd love some direction or answers on.

              Thanks for trying. I may end up getting Malwarebytes, but I want some more information first!

              • 4. Re: Malware identified, need help removing
                ConorD62

                McAfee + Malwarebytes + Noscript and Adblock for Firefox.

                • 5. Re: Malware identified, need help removing
                  Hayton

                  So it was a File Association problem? I checked the link you posted to see what was there, and found the further link to dougknox.com - not a site I'm familiar with. Since the web page that came up was full of downloads I looked up the site on SiteAdvisor - 225 downloads, all apparently okay. It's good that what you downloaded worked for you - there were some people on kioskea.net/forum saying it apparently only works for XP - but the first rule of security is to mistrust any unknown download until you know exactly what it is and you're sure it's coming from a reputable source ...

                  If you have questions about security, feel free to ask them here. Conor's advice is a good start.

                  • 6. Re: Malware identified, need help removing

                    Yes, I was a little leery myself, but SiteAdvisor did indicate both websites were safe to use. The file does indicate it's only for XP, which is what I have.

                     

                    My questions are:

                         I have the following:

                              McAfee VirusScan (although it's only the free access via ATT service I have - has limitations)

                              McAfee SiteAdvisor

                              McAfee Firewall

                          

                    Everything was working well for so long, and then this malware hit. I understand that McAfee and other virus scanners cannot be expected to keep up with all the new viruses, or replicants of old ones. It sounds like Malwarebytes might do a better job of keeping up. They state they use a different method of looking for these malware files. Is there another FREE virus scan software that is rated higher than McAfee? There are aspects of McAfee that I do not like - I don't seem to be able to schedule when it downloads, and this takes a lot of resources for my old computer. There are already options in Firefox for preventing scripts running and a pop-up blocker. I have noticed that sometimes I do get pop-up blocker. Is there a problem with Firefox's methods, so that's why these two are recommended? I assume they are plug-ins.

                    Right now, I'm just very leery about everything. I ask my computer to do a lot, and already have to watch resources, etc. I wish I could afford a new one, but that's not in the cards right now. Any information would be greatly appreciated.

                     

                    Thanks!