12 Replies Latest reply on Jun 28, 2011 3:51 PM by exbrit

    How to remove false security alert from Windows?

      Would someone from McAfee please have a look at the attached GetSusp logs and tell me what to do next.

       

      The rest is verbal dribble which the reader may or may not find helpful:

       

      Having a VirusScan Plus and getting a virus is frustrating enough.  Getting rid of this particular malware is more frustrating.  Figuring out how to get help from McAfee just adds insult to injury.

       

      I gather from community posts that I have malware that is reporting false security alerts from windows.  This malware makes it impossible to view web sites so I had to do my research on another computer.  Several of the community discussions referred to GetSusp.exe which helps to troubleshoot what's going on.  The only way I could get this program to run was from a removable drive.  I suspect the malware was preventing windows from running from the hard drive.  Now after registering to be a part of this community, I am hoping for some help.

       

      Hoping for a prompt reply,

      Doug

        • 1. Re: How to remove false security alert from Windows?
          exbrit

          Moved to GetSusp and invitation sent to join group.

          • 2. Re: How to remove false security alert from Windows?

            Hi,

             

            I have your product McAfee Security Scan Plus.

             

            I have tried all the suggestions on this site for the other software to remove XP Home Security 2012 from my laptop.

             

            I have rebooted in safe mode several times

            Dl'd all the malware removers suggested on this site

            Tried to run McAfee Security which I cannot do

             

            This XP Home Security 2012 is still there.

             

            What can I do as a next step?

             

            Thanks, R Collins

            • 4. Re: How to remove false security alert from Windows?
              exbrit

              rpcollins wrote:

               

              Hi,

               

              I have your product McAfee Security Scan Plus.

               

              I have tried all the suggestions on this site for the other software to remove XP Home Security 2012 from my laptop.

               

              I have rebooted in safe mode several times

              Dl'd all the malware removers suggested on this site

              Tried to run McAfee Security which I cannot do

               

              This XP Home Security 2012 is still there.

               

              What can I do as a next step?

               

              Thanks, R Collins

              Follow Tony's suggestions above for the infection but you should know that McAfee Security Scan Plus is not protection software but merely something you probably downloaded optionally along with an Adobe update or something similar, all it does is tell you what security software you need.  It can be removed in the normal manner via Control Panel.

               

              You need proper antivirus and firewall software to protect your machine.    Also it is important that your machine is totally up to date with all Windows and software updates.

              • 5. Re: How to remove false security alert from Windows?

                Hi Peter & Peacekeeper,

                 

                I ran Stinger yesterday and am running it again today, saved on hd.

                 

                Unfortunately I can't seem to connect to the wireless network like I did yesterday in safe mode to run bleeping....it is possible this malware has corrupted the wireless network?

                 

                I just wanted to let you know that I was a customer of McAfee Scan Plus.

                 

                Since I am trying to fix this for Robert on his business laptop.

                 

                Thanks, Kathleen

                • 6. Re: How to remove false security alert from Windows?
                  exbrit

                  Not sure what McAfee Scan Plus is, you mean VirusScan Plus perhaps?

                   

                  Safe Mode alone won't give you an internet connection - have you tried "Safe Mode with Networking"?   (#2 on the menu usually)

                  • 7. Re: How to remove false security alert from Windows?

                    I ran into a very pervasive version of Windows Security 2012 over the weekend (helped a friend by cleaning out his Win Vista PC).

                     

                    Here's what I did to completely eradicate it:

                     

                    Step 1:  Removed the HDD from the infected system, connected the infected HDD to an adapter (SATA-to-USB), write-protected my USB ports (can be done through my BIOS on my cleaning system), connected the infected HDD (via USB) to my cleaning system, ran a full scan with VSE 8.8 with latest DAT to scan all partitions of the infected HDD.

                     

                    Step 2:  Multiple infected files were found and deleted in the sysvol as well as in the recovery partition.

                     

                    Step 3:  Ran Stinger - more entries were found.

                     

                    Step 4:  Ran Malwarebytes Anti-Malware (found about 20 entries in the system registry, mostly run-once entries for service launches - nasty).  Deleted all detections.

                     

                    Step 5:  Connected HDD back to original hardware & booted to verify infection was gone - system (amazingly enough) was still infected.  This time, however, it was possible to spin up the Task Manager and end-task on the Explorer, Windows Security, AOL and IE windows that kept popping up - finally got control of the OS.

                     

                    Step 6:  Manually cleaned out local host file (all kinds of random URLs for dropper sites were listed in the local host file).

                     

                    Step 7:  Ran Stinger on the live system and detected several more infected files (hcc.exe, hee.exe, and several other 3-letter random exe files all in the system32 folder)

                     

                    Step 8:  Reinstalled user's McAfee Antivirus Plus 2011 & updated successfully.

                     

                    Step 9:  Ran a full scan of the HDD on the live OS with McAfee AV + 2011 (system clean) - finally!

                     

                    This particular infection was using a root kit to suppress AV and hide processes from the OS kernel (Hacker Defender, I think).  Slaving the OS is sometimes the only way to disable an active root kit.

                     

                    Hope this helps.
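
One way to script the hosts-file review from Step 6 against the drive while it is still attached to the cleaning system, as an added example that is not part of the original post. `audit_hosts`, `EXPECTED_NAMES`, the sample entries and the `E:` drive letter are assumptions made for illustration.

```python
import ipaddress
import sys

# Names a stock hosts file may legitimately map (assumption for this example).
EXPECTED_NAMES = {"localhost", "localhost.localdomain"}


def audit_hosts(text):
    """Return (line_no, address, names, verdict) for each suspicious active entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not entry:
            continue
        fields = entry.split()
        address, names = fields[0], [n.lower() for n in fields[1:]]
        extra = [n for n in names if n not in EXPECTED_NAMES]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, names, "malformed"))
            continue
        if not extra:
            continue
        # A loopback or unspecified target makes the name unreachable;
        # any other target redirects the name to a different machine.
        verdict = "sinkholed" if ip.is_loopback or ip.is_unspecified else "redirected"
        findings.append((line_no, address, extra, verdict))
    return findings


# Constructed sample, not taken from the infected machine in the post.
SAMPLE_HOSTS = """\
# stock comment line
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.av-vendor.example   # constructed
203.0.113.7     www.search.example search.example
not-an-ip       portal.example
"""

if __name__ == "__main__":
    # Pass the mounted drive's file, e.g. E:\Windows\System32\drivers\etc\hosts
    text = SAMPLE_HOSTS
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    for finding in audit_hosts(text):
        print(finding)
```

Anything the script reports should be checked by hand before the line is deleted, since some machines carry deliberate hosts entries of their own.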

                    • 8. Re: How to remove false security alert from Windows?
                      exbrit

                      Excellent for those who can do it that way.   VSE of course isn't available to the bulk of consumers.

                       

                      Are you aware that McAfee Labs have now released an updated Stinger/Fake Alert Stinger?

                       

                      http://www.mcafee.com/us/downloads/free-tools/index.aspx

                       

                      Message was edited by: Ex_Brit on 28/06/11 2:02:02 EDT PM
                      • 9. Re: How to remove false security alert from Windows?

                        Yes I used safemode with networking...

                         

                        running stinger

                         

                        ran stinger yesterday also everything suggested on the site here the original page on this site for this malware.

                         

                        Will try more re above

                         

                        My intent for scan plus McAfee is I do have and bought your products....that's all

                         

                        Thanks Kathleen 
