7 Replies Latest reply on Apr 25, 2013 3:50 PM by Peter M

    supicious behaviour of McAfee Internet security - self deactivating-taskbar symbol vanishes- Rootkit?

      Hello,

      i have the following problem:

      McAfee internet security suite is installed on several PC in a home network I look after. - OS is WinXP prof.

      Since some time McAfee shows suspicious behaviour:

      - real time scan is deactivated just after i activated it

      - task bar symbol vanishes on klick = can't invoke the Program window

      - attempt to start McAfee from Program menue is also unsuccessful

      - an attemp to uninstall (i.o.t install a diferent security software) provoked a "failure" message

       

      all the above arises the suspicion that there might be some kind of malware fiddling around with McAfee i.o.t. stealth itself

       

      I have:

       

      connected the HD externally to some other PC and scanned it with MAffee  - clean result (same network, might be infected, too?!)

      had a live Linux ("desinfec't 13" german PC magazine C't by Heise verlag -www.heise.de) scan with Bitdefender, Avira and Kaspersky - clean

      had Eset and Kaspersky online scanners scan it  - clean

       

      am i paranoid to assume a rootkit (or whatever) infection and this is pefectly well known (mis)behaviour of McAfee?

      What else can i do?

        • 1. Re: supicious behaviour of McAfee Internet security - self deactivating-taskbar symbol vanishes- Rootkit?
          Peter M

          It could be just a glitch.  Can you clarify that XP is SP3 please, also can you clarify if you have upgraded Internet Explorer as high as it will go with XP,  to IE8?  

          McAfee utilizes Internet Explorer to work properly, even if you use another browser as your default browser.

          Also what version of McAfee is installed?  Open it and then go to About, or Navigation > About, depending on version.

           

          Check the last link in my signature below and try running McAfee RootkitRemover perhaps Malwarebytes Free also.

           

          Don't accept the free trial for Malwarebytes otherwise you will end up with the wrong version.

           

           

           

          .

           

          Message was edited by: Ex_Brit on 24/04/13 3:31:00 EDT PM
          1 of 1 people found this helpful
          • 2. Re: supicious behaviour of McAfee Internet security - self deactivating-taskbar symbol vanishes- Rootkit?
            Hayton

            The OS is Windows XP Pro, which has UAC. Is this another example of the known bug where mcagent will not run in the second user account when more than one user account is active on the machine?

             

            @erdan, when this happened -

            - real time scan is deactivated just after i activated it

            - task bar symbol vanishes on klick = can't invoke the Program window

            - attempt to start McAfee from Program menue is also unsuccessful

             

            How many user accounts were running on your machine? I have seen this in the second account to become active, and everything is normal in the first account.

            1 of 1 people found this helpful
            • 3. Re: supicious behaviour of McAfee Internet security - self deactivating-taskbar symbol vanishes- Rootkit?

              sorry for continuing this with such a time gap... i have to work in between and care for this in my sparetime

               

              Win XP pro is SP 3 all updates (including IE) up to date and installed.

              Mc Afee Security Center v 12.1 of Jan 11. 2013

              McAfee AV and Anti Spy v 16.1 def of 25.05.2013, Scan Model 24.04.2013

              personal Firewall v 13.1 of Mar 06. 2013

              automatic updates activated, subscription valid

               

              it might have been a glitch in the way i described it in the OP, because the machine was in a weird state, where MCAffee seemed to be constantly trying to install updates and hindered logging off (User switching was possible) - hardreset and a clean reboot fixed this.

               

              still- although invoking McAfee window now worked- the firewall automatically deactivated and cannot be activated again - which upholds my suspicion

               

              following your last link i ran Rootkit revealer w. negative result

              Stinger yielded no threats but remarkably: the log said "Rootkit scan result : Not Scanned." although the Rootkit scan was definitely checked in the Stinger Settings Tab.

               

              Malwarebytes scan is still running...

              (all scans are full scans)

               

              on 25.04.13 14:51:01 CDT
              • 4. Re: supicious behaviour of McAfee Internet security - self deactivating-taskbar symbol vanishes- Rootkit?

                actually there were 2 user accounts running at the time - one priviledged and one not...

                but as i had to admit in my answer to Ex_brit this might have been sth that resulted from an undefined state

                 

                still this doesn't explain the un-activate-ability of the Firewall...

                (no there's currently only one user active)

                • 5. Re: supicious behaviour of McAfee Internet security - self deactivating-taskbar symbol vanishes- Rootkit?
                  Peter M

                  If Malwarebytes comes up clean also you might, simply as a precaution, post a Hijackthis log on one of the forums I listed lower down that last link in my signature.

                   

                  The software doesn't always behave well especially if there a two users signed in at once or if you've hibernated the machines at some stage (they know about this issue).  I've always found it's best to power off the machine when done for the day.

                   

                  Hayton may have some suggestions but mine would be to then try uninstalling the software via Control Panel, then run the MCPR cleanup utility, listed under Useful Links at the top of the page, reboot and reinstall from your online account.

                   

                  Last but not least, if you've been using registry cleaners of any kind, stop.  Those can cause problems like this too.

                   

                   

                  .

                   

                  Message was edited by: Ex_Brit on 28/04/13 9:43:01 EDT AM
                  • 6. Re: supicious behaviour of McAfee Internet security - self deactivating-taskbar symbol vanishes- Rootkit?

                    Ex_Brit schrieb:

                     

                    The software doesn't always behave well expecially if there a two users signed in at once or if you've hibernated the machines at some stage.  I've always found it's best to power off the machine when done for the day.

                     

                    Last but not least, if you've been using registry cleaners of any kind, stop.  Those can cause problems like this too.

                    Thats why i hardreset and clean booted the machine to a defined state - that apparently helped a lot here

                     

                    and reg-cleaners have not been used either

                     

                    i'll try the unistall option tomorrow then..

                     

                    Thx a lot for your effort..!