1 2 3 Previous Next 22 Replies Latest reply on Sep 29, 2011 3:36 AM by Vinod R

    Must Be A Virus - Advice Please

      Hi All

       

      My McAfee Security Centre has gone all haywire. I noticed an issue with Internet Explorer where when I click on any search result....instead of taking me to the page I want to go to, I end up on some landing page either and advert or some other obscure search engine. I tried to run Virus Scan but it doesn't want to know. So I downloaded and ran the Virtual Technician and it showed Firewall off, Real Time Scan off, in fact everything disabled, even though Security Centre shows all green. I ran the analyser as well and tried to auto fix, but no joy.

       

      Stinger downloaded and ran it, but it just stops working and won't run at all. Tried to run Malwarebytes as well, same result as Stinger, just bombs. I have found this running in the processes list 255720159:2283639911.exe

       

      Any advice please? Thanks in advance.

       

      Message was edited by: delmeister on 24/09/11 10:02:14 CDT
        • 1. Re: Must Be A Virus - Advice Please
          Peter M

          What is your operating system, service pack and what version of Internet Explorer is installed (whether or not you use it)?

           

          Try booting to 'Safe Mode with Networking" by tapping F8 repeatedly while booting up and then selecting it, usually number 2 on the ensuing menu.

           

          That should give you safe mode with internet access.

           

          Bring up Malwarebytes - which I hope is the free version as the paid one can clash with McAfee - and update it.

           

          Then run it in that mode, it works fine in that mode so you ahouldn't have any problems.   See if it removes anything.

           

          If not then I suggest trying some of the McAfee tools listed here:  https://community.mcafee.com/docs/DOC-2168

           

          There are two types of Stinger and another tool that allows you to upload a suspected file to McAfee, called Get Susp.

          • 2. Re: Must Be A Virus - Advice Please

            Hi Peter

             

            Thanks so much. I did as suggested, and also loaded SuperAntiSpyware and SpywareBlaster in Safe Mode. Stinger, Super and Malware all crash when trying to scan....in Stinger it crashes at svchost.exe in System32 folder. I uninstalled IE9 and now use IE8. With SpywareBlaster working in Safe Mode IE is not hijacked anymore, but of course I still can't clean anything. Here is the log from Virtual Technician:

            MVT Version :6.0.0.0
            System Information
            Operating System :Microsoft Windows 7 Home Premium EditionHome Edition (Build 7601)
            Service Pack :Service Pack 1.0
            Language :0809
            Internet Explorer Version :8.0
            Internet Explorer Language :en-gb
            System Drive Type :NTFS
            Physical Memory Available :2097151
            Physical Memory Total :2097151
            Virtual Memory Available :5802284
            Virtual Memory Total :6279236
            System Architecture :x86 Family 6 Model 23 Stepping 6Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz
            Date Time :09/24/2011 17:59:39
            Time Zone :GMT -00:00
            Product Details
            Product Name:VirusScan - McAfee Internet Security 3 - User
            Product Version:14.5.113
            Language:en-gb
            Partner:McAfee
            Account ID:13447398
            Health Check Details
            Registry OK
            File 1 file(s) incorrect
            Expected File not Present
            File: c:\program files\mcafee\virusscan\%mvt_lcid%\mvsdeflt.dll
            Process OK
            Service 4 service(s) incorrect
            Expected Service State Incorrect
            Expected : running
            Existing : stopped
            Service: McShield "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe"
            Expected Service State Incorrect
            Expected : running
            Existing : stopped
            Service: mfevtp "C:\Windows\system32\mfevtps.exe"
            Expected Service State Incorrect
            Expected : running
            Existing : stopped
            Service: mfefire "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe"
            Expected Service State Incorrect
            Expected : running
            Existing : stopped
            Service: mcnaiann "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc
            COM OK
            DAT and Engine 1 DAT / Engine update
            DAT not Up-to-date
            DAT: Expected : 6478
            Existing : 6474
            Patches OK
            Top Issues OK
            SYSTEM OK

            Product Name:QuickClean and Shredder - McAfee Internet Security 3 - User
            Product Version:10.5.108
            Language:en-gb
            Partner:McAfee
            Health Check Details
            Registry OK
            File OK
            Process OK
            Service OK
            COM OK
            Top Issues OK
            SYSTEM OK

            Product Name:SecurityCenter
            Product Version:10.5.195
            Language:en-gb
            Partner:McAfee
            Product Status
            Product update required
            Health Check Details
            Top Issues OK

            Product Name:Personal Firewall - McAfee Internet Security 3 - User
            Product Version:11.5.135
            Language:en-gb
            Partner:McAfee
            Account ID:13447398
            Health Check Details
            Registry OK
            File OK
            Process OK
            Service 1 service(s) incorrect
            Expected Service State Incorrect
            Expected : running
            Existing : stopped
            Service: McMPFSvc "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc
            COM OK
            Top Issues OK
            SYSTEM OK

            Product Name:McAfee Online Backup powered by Mozy
            Product Version:2.5.119.0
            Language:en
            Partner:McAfee
            Health Check Details
            Registry OK
            File OK
            Process OK
            Service OK
            COM OK
            Top Issues OK
            SYSTEM OK

            • 3. Re: Must Be A Virus - Advice Please
              Peter M

              Superantispyware doesn't work in Safe Mode and I don't believe Spywareblaqster does either, but as the latter is only a passive protection anyway I can't guarantee that, just keep it updated that's all.  Stinger may fail in Safe Mode but you can run Malwarebytes free version, I know because I use it myself.  If it's crashing then something much more serious is going on.   You could try uninstalling Malwarebytes and reinstalling it from here:  http://www.malwarebytes.org/products/malwarebytes_free and do that in Safe Mode with Networking.

               

              I strongly recommend that you upgrade IE once again to IE9 as it is much safer than IE8 and in fact has been labelled as possibly the safest browser around at the present time.

               

              Your McAfee software appears to be last year's version, which could be the case if you obtain it from a 3rd party, your ISP or your coimputer maker for instance, is that the case?

               

              This may not be an infection.  This sort of thing can also happen with the use of Registry Cleaners.

              • 4. Re: Must Be A Virus - Advice Please
                Hayton

                Just a thought : that process (255720159:2283639911.exe), is it still there? Process Explorer might be useful for finding out what it is and where it's come from.

                • 5. Re: Must Be A Virus - Advice Please

                  Hi Hayton, yes 255720159:2283639911.exe still shows. It won't allow me to end the process, nor look at properties...just can't seem to do anything with it. Think I will uninstall McAfee and see if a reinstall works. Tried Malwarebytes again, uninstalled and reinstalled, it updates okay, but when I try and scan it crashes about 30 seconds in.

                  • 6. Re: Must Be A Virus - Advice Please
                    Hayton

                    Download Process Explorer from SysInternals. It gives a lot more information than Task Manager. If you want to see where this process comes from, AutoRuns (also from SysInternals) will probably show it. You may have something unwelcome on your system, and these two utilities should help you identify it.

                     

                    Edit - If you can't get anything else to work, try the Windows Live Safety Scanner - download from HERE. It's a big download, so be patient. Once you have it it's good for about 10 days, then it expires.

                    The Microsoft Safety Scanner is a free downloadable security tool that provides on-demand scanning and helps remove viruses, spyware, and other malicious software. It works with your existing antivirus software.

                     

                    Note: The Microsoft Safety Scanner expires 10 days after being downloaded. To rerun a scan with the latest anti-malware definitions, download and run the Microsoft Safety Scanner again.

                     

                    The Microsoft Safety Scanner is not a replacement for using an antivirus software program that provides ongoing protection.

                     

                     

                    Message was edited by: Hayton on 24/09/11 20:45:35 IST
                    • 7. Re: Must Be A Virus - Advice Please
                      Peacekeeper

                      Can you update Malware bytes? Some of these as well as disabling AV and Anti malware products recognise where they are installed and their exe files. What may work is download Malwarebytes and stinger onto a usb stick on another PC and rename the setup files. Install them on the PC in trouble and rename the folder it wants to install it into and also rename the main exe file. Run Mwb and stinger and see it that works.

                       

                      If no chop have you considered restoring back to a time before you had this issue sometimes , not always , this helps.

                      • 8. Re: Must Be A Virus - Advice Please

                        Right, have done the following:

                         

                        Process Explorer, AutoRuns and Windlows Live Scanner all installed okay, but all crash when you try and run them. This is the same issue I had with MWBytes and others, including McAfee, whether its scan or update. No spyware/virus software works, they all crash when you run them, and after that if you try and run hem again you get an erroe message saying you don't have admin rights. Can't uninstall either. Basically, this is a nasty little bug that is controlling my apps. Also tried a system restore but it only goes back to 8 Sep (which I guess is  when the bug hit) and it won't do a restore anyway. I am going to try the USB stick method suggested by Peacekeeper, I will be able to run Stinger off a USB so hopefully that works. Will try the installs with renamed files/directories as well and see if that works. Never been beaten by a virus before so hope I can resolve this issue.

                        • 9. Re: Must Be A Virus - Advice Please
                          SamSwift

                          Hi,

                           

                          Are you able to run stinger.exe as stinger.com?

                           

                          Kind regards,

                           

                          Sam

                          1 2 3 Previous Next