I wasn't aware that McAfee was detecting this, because McAfee gives these infections names which are hard to reconcile with their commonly-used names. The other name I know is used for this detection is "Win32:FakeSysdef".
Where did you find the removal information that you include in your post? It came from a vil.nai database entry, from the look of it.
Before I offer any advice please read this blog entry from Avast
and let me know if this is what you've got. If the malware is still demanding an activation code you could try the one that was current when the blog was written, which was "08869246386344953972969146034087". Do not ring any phone number that may be offered in the malware's accompanying screen text as a Customer Support number. I checked the one for the UK and it redirects to an overseas number (at premium rates, I would guess).
I belatedly realised this one belongs in Top Threats, so the discussion has been moved there.
Thanks for your help. I am going to try it. How would you recommend uninstalling once I have it registered?
I did not notice if McAfee actually named the infection or not; it just advised that it had detected it and removed it. The SMARTRecovery tool that came up looked suspicious, so I went to another PC for research.
The removal info I referred to was at
Well, McAfee says it's detected and removed it, which is good. I searched a bit more, and this so-called "S.M.A.R.T. Recovery" program is a reissue of an existing Fake AV program with a new name. According to Microsoft this basic program now has dozens of variants, with mostly minor differences between them. It's been around for quite some time, which is why that link to the McAfee database produced at least a thousand hits.
I don't know why the particular entry you quoted from is requiring you to replace the MBR. Microsoft says nothing about it in its Encyclopedia entry for this. Check the following Microsoft articles :
http://support.microsoft.com/kb/2617291 - "How to remove the PC Repair virus".
Note the warning at the end of the first article -
This threat may make lasting changes to a computer's configuration that are NOT restored by detecting and removing this threat
For more information on returning an infected computer to its pre-infected state, please see the following article/s
McAfee's cure may or may not include that additional step, but it's worth looking to see what needs to be done.
If you want to be sure that all traces of the infection are gone you can download and run Microsoft's Safety Scanner (link in the article) and/or Malwarebytes (the free version only).
Before you do anything about the MBR it's as well to make sure that it really is infected. Read this article for instructions on what to do :
The article has a link to follow if your MBR is infected. The information in the article is intended for Windows 7 users.
Edit - I missed something important in your post. Try it first from the user account with the infection. If you have any problems, reboot into Safe Mode with Networking and run as Administrator. You might also need to do some extra cleaning up afterwards, according to this removal guide -
Note, steps 6, 7, and 8 only - and only if you're not seeing files, shortcuts, icons and so on (they may be hidden). All the rest will already have been taken care of.
As a final step, you could clear your restore points and then immediately re-enable System Restore, just in case the infection has found a home in a restore point.
Thanks. Entering the key worked; however, many programs are now missing. Is there a way to get them back? System Restore possibly?
Follow the advice I gave above. Summary : McAfee scan - Quick or Full. Then a secondary scan with another detector, Microsoft or Malwarebytes (or both). Follow the Microsoft advice about undoing "lasting changes". Run this program to unhide any hidden files -
If anything else looks wrong go to steps 6, 7 and 8 in the malwaretips.com blog post. Then check the MBR.