3 Replies Latest reply on Jan 30, 2012 1:13 PM by exbrit

    Malware turn off Internet Security while you are in Safe Mode

      this is a sad situation.  I have McAfee since 2006 with licenses installed in two PCs.

       

      Recently a family PC was infected with webpage or trojan that hijaked his IE explorer webpage. According to my father in law this problem happened after Jan 1s. As they are old and do not have lot of understanding of PC I then I decided to take a look and give him one of my availables McAfee license. Therefore I helped him to remove his AVG from its PC and after this i have installed that  license (McAfee Internet Security) .  

       

      After this issue by HUGE coincidence in one of my PCs at home I also faced a problem as looks like the PC was attemting to connect to internet and close the IE8.

       

      I then decided to look for malware on it followinfg the instructions available at " REQUIRED READING HOME USER ASSISTANCE MALWARE TROUBLESHOOTING".

       

      While I was in SAFE MODE on this home PC I ran the software GET SET AND SUBMITTED FILE to McAfee where there was a suspicious file under Documents and Settings\THEUSERNAME\CONFIG\TEMP\4D.tmp.

       

      After I just started to run McAfee Scan function in Safe Mode on this home PC, I realized that McAfee Protection was turned off (RED STATUS HORIZONTAL STRIPE).  Althought I choosed to turn it on again,  the message   YOUR COMPUTER IS IN RISK  showed up on the screen   and it change the color from Green to Red.

       

      I then clicked over the "buton"  to activate the SCAN, thus it then changed to GREEN but suddenly  it changed back to RED status .

       

      Meanwhile during the scan, I noticed that my Windows XP Professional PC With Service Pack 3 PC, during safe mode, tried to connected to some IPs .

      I realized that in less than 5 minutes at least those 3 IP Address where blocked in this sequence 64.208.138.252  , 208.73.210.29  and 68.67.159.206  .

       

      I tried to turn on again and was not successfull at all.

       

      Few minutes later passed by during this scan with red status and suddenly , without myself clicking anyplace else on my PC controls , there was a  message "Internet Explorer Warning " onn the middled of the Screen tat says:

       

      "last navigating session was unexpected closed. Would you like to return to your last session or go to your home page?"  Just bellow there were two butons to choose  - Back to last session      or  Go to HomePage.

       

      Although I did not take any action from the menu above, the Message Pop Up disapeared from the Screen while the choose any of these requests .

       

      At this time my Scan was about to 19% complete and I am writing this e-mail from another PC I have at home that seens to not have a malware YET.

       

      Few minutes later AGAIN suddenly , without myself clicking anyplace else on my PC controls , there was a  message "Internet Explorer Warning " onn the middled of the Screen tat says:  "last navigating session was unexpected closed. Would you like to return to your last session or go to your home page?"  Just bellow there were two butons to choose  - Back to last session      or  Go to HomePage.

       

      Can anyone kindly guide me to explain what is the PROBLEM and HOW CAN I FIX IT. 

       

      Thanks in advance.

       

       

       

       

       

      PS: My father in law PCs problem was not fixed. . Another time of this week I will try to help to fix my family member PC.

        • 1. Re: Malware turn off Internet Security while you are in Safe Mode
          exbrit

          Your header is based on the premise that processes are active in Safe Mode when actually only the very basic ones are loaded by Windows - just enough basically to give you a low-res image on your screen, most malware, like software, can't run in Safe Mode.  SecurityCenter doesn't work in Safe Mode.   The only things one can do in that mode are right-click a file, folder or the taskbar icon and select Scan and that's about it.

           

          You might want to run some extra tools starting with Stinger - link available here:  Anti-Spyware/Malware & Hijacker Tools

           

          Then you might want to run Malwarebytes (Free) after updating it (also on that page).  Note: that can be installed, updated and run all in 'Safe Mode with Networking' which is a useful thing to note should an infection prevent it from running in regular mode.

           

          If all else fails go the Hijackthis route mentioned near the bottom of that page and post its log on one of the specialist forums listed there for expert advice.

           

           

           

           

           

          .

           

           

           

          Message was edited by: Ex_Brit on 26/01/12 7:25:48 EST AM
          • 2. Re: Malware turn off Internet Security while you are in Safe Mode

            Peter,

             

            I also had ran Stinger and others with no success...

             

            In fact, I forgot to mention in my orginal post    " I was testing under SAFE MODE WITH NETWORK and the internet was turning on/off ...."

             

            Thanks for the advise that McAfee do not RUN under SAFE MODE WITH NETWORK OR SAFE MODE ONLY. 

             

            Regards,

            • 3. Re: Malware turn off Internet Security while you are in Safe Mode
              exbrit

              OK well the only part of McAfee that you will get to run ever in any Safe Mode would be a scan.  That's not going to change.

               

              What do you want McAfee to take a careful look at?   Are you infected or something?