0 Replies Latest reply on Nov 8, 2011 11:07 AM by lionfan

    Virus Attack????



      While browsing I ran across an interesting site. In the process of loading the web site into my browse I was asked if I wanted to install a new version of Java. Thinking that my MacAfee Antivirus software would protect me from any threats I answered yes and I immediately received a threat warning from a program from Privacy Protection (PP) which immediately started identifying viruses that were loaded on the system. I attempted to run a quick scan using MacAfee, the scan completed successfully without identifying any virus threats. I continued to get messages from privacy protector informing me of increasing threats and asking me to activate (PP) to stop the threats. I had increased trouble running programs (internet explorer, word, MacAfee, solitaire, system configuration). I allowed PP to perform a full scan and it reported over 80 threats. I then ran a full scan using Macafee and it completed without reporting any threats. I then loaded windows in safe mode without any errors or threats reported. I loaded windows in safe mode with networking without problems and connected to the internet.


      I then took a WAG (wild *** guess) and said to myself this is a program I loaded when I was asked  to upgrade Java (which it probably didn’t do). I checked the startup menu in system configuration and there were two programs which had installed themselves into the startup menu in the timeframe which was the same as the Java update


      Program Info

                          named: yuf develop;

                          manufacturer was jet brains s.r.o

                          program location: (drive letter):\users\(username)\appdata\roaming\privacy.exe

                          registry key: hkcu\software\microsoft\windows\currentversion\run


                           named: SunJavaUpd

                           manufacturer: unknown

                           program location: (drive letter):\program files (386)\java\javaupdate

                           registry key: hklm\software\wow6432node\microsoft\currentversion\run



      I then copied all references from the two programs and deleted them from the registry. This removed all references from the system, I still must research two questions as best I can:

                      Why didn’t Macafee prevent this problem?

                      Why did PP try to install itself on this system?


      I am running ATT Internet Security Sutie by McAfee. Any asistance is appreciated.


      Any input is appreciated.