Today I ran an on-demand scan (memory & local drives).
During the memory scan a console message displayed "The On-Demand Scan found alterations to code or data which may indicate that a rootkit is attempting to hide files, registry keys, processes or other items. If this scan fails to find anything then the computer should be scanned with McAfee PreScan or booted into Safe Mode and this scan run again".
The scan continued to completion and the log reported zero detections.
Since PreScan does not support Vista I re-ran in Safe Mode - no console messages were displayed and the log reported zero detections.
Was this a false positive/lack of Vista compatibility or should I be doing more diagnostics?
Any advice much appreciated.
Client system: 3 GB RAM Windows Vista Home Premium (latest Microsoft updates ex SP1) – not an upgrade Windows Firewall on and Windows Defender running VirusScan Enterprise 8.5i + patch 4 – not an upgrade/no previous versions on system Broadband
Last full scan in October 2007 - no console messages displayed and log reported zero detections.
Yesterday I had the same message when I ran an on-demand scan. I had not run a full scan for some time. The full scan completed and did not find anything - I rebooted the system into safe mode and ran another full scan - again, nothing was found.
I am also running VirusScan 8.5.0i with no installed patches. The DAT version is 5244.0000
My system is a Dell XPS 420 running Windows Vista Home Premium. 3 GB RAM Also have Windows Firewall on with Windows Defender. I ran a check with Windows Defender and it did not find anything.
I have done a few System Restores in the past few weeks; wondered if the detection had anything to do with the system being changed due to the restore. Any information/assistance would be much appreciated. I was working with Dell on a sound card problem - as part of his troubleshooting procedure, the tech started an anti-virus scan. When this message popped up, he dropped the case like a hot potato and said that they would not work any further on a system that reported any kind of infection. So now I have a system with a non-functional sound card and can't get any further support with it.
I've been receiving the same message under similar circumstances.
OS: Windows Vista Business 32bit VirusScan Enterprise 8.5i Engine: 5200.2160 DAT: 5245.0000 1 patch installed
I get the message: "The On-Demand Scan found alterations to code or data which may indicate that a rootkit is attempting to hide files, registry keys, processes or other items. If this scan fails to find anything then the computer should be scanned with McAfee PreScan or booted into Safe Mode and this scan run again"
From what I understand there is no "PreScan" for Vista. I've tried scanning in Safe Mode and nothing is detected AND the above message is not displayed.
As far as root kit scanners: McAfee rootkit detective doesn't support Vista and RootKitRevealer also has trouble with Vista (dectects 400,000+ discrepancies)
I'm having the same problem described above. I'm running McAfee VirusScan Enterprise 8.5i, I believe with DAT 5249 (that's what I saw when I opened the log file of the dialup update). My OS is windows Vista Business, running on a hp dv6000 Pavilion Laptop (Intel Core Duo 2 firstname.lastname@example.orgGHz, 2GB RAM, etc ) .
I update and run a full scan daily, and everything used to be ok until I started receiving the infamous message:
"The On-Demand Scan found alterations to code or data which may indicate that a rootkit is attempting to hide files, registry keys, processes or other items. If this scan fails to find anything then the computer should be scanned with McAfee PreScan or booted into Safe Mode and this scan run again"
around 2 weeks ago.
Some of the things I have tried (and none of them solved it):
-running Avg anti-rootkit -running the McAfee full scan in safe mode -running Spybot search and destroy both in normal and safe mode -running adAware both in normal and safe mode -reinstalled windows Vista from the HP recovery partition on disc D:\ that came with laptop -reinstalled windows Vista from a windows/hp recovery DVD that came with laptop
As the other user above said, when I run the on-demand full scan in safe mode I don't get the message; but I get it always in normal mode. Also, after reinstalling Windows I ran the McAfee scan before installing any other software (except mozilla firefox) and the message is always there.
I should also add that the scan seems to stop and pop-up the window with the message always at the same point, when it is scanning a file named:
I'm lead to think that the problem is one of the following 2:
a) My computer is clean and the message is just Virusscan being paranoid after some update that McAfee made on their files some weeks ago. I base this hypothesis in that it seems to be working just fine.
b) The rootkit is somehow in my recovery partition, so that even reinstalling Vista does not solve the problem. If this is true...well...I guess everything is lost (doesn't it?)
PLEASE HELP! Any suggestions, info, etc will be highly appreciated. This issue is really driving me nuts.
By the way, I'm pretty ignorant about this stuff, so please if you need me to send any additional details/info describe where to get it in computers-for-dummies language.
I would be very grateful if you could give me any help.