My wife visited the web site hurricanemop.com to order a mop from a Dell desktop running Windows XP, IE8 and McAfee Total Protection 2013. She immediately received a McAfee firewall notice that a JS/Redirector.ar trojan had been encountered and had been quarantined. I checked through the Quarantined and Trusted Items and saw no file quarantined, but the presence of the offending file on the machine was noted under Security History at C:\documents and settings\MyAccountName\Local Settings/Temporary Internet Files\Content.IE5\0MEU2R7A\hurricanmop_com.htm. I examined that file’s properties. Compressed Item Properties Box showed “Details”: Type-HTML Document, Location-as I noted above, Original Size-2 KB, Date-05/02/2013. “Attributes”: SRC32-B248F044, Index-0, Compression-Deflated, Packed Size-1 KB. I tried to delete the file manually but received a “Compressed (Zipped) Folders Error” indicating that the machine “cannot create output file.” I also could not copy the file to another location on the machine so I could upload it to McAfee and VirusTotal for evaluation. Any action involving the file apparently requires a password. After my failed attempt to delete the file I used the Windows System Restore to go back to a Restore Point created 05/01/2013. After the process completed, McAfee updated itself. I ran Virtual Technician and got “No problems found.” However, the offending file was still listed under Security History and still resided on the machine.
I checked for new and suspicious applications on Control Panel and found none. I checked the registry for occurrences of the string “hurrican” and found none. I checked the Services and Startup entries under System Configuration in Windows and found nothing new or suspicious. I ran a full McAfee scan and a full Microsoft Safety Scan (that took seven hours to complete) and both were clean. I did an Internet search of people experiencing a similar situation and only found one: http://www.theforumsite.com/forum/topic/Technical-problems-which-keep-me-away/468296 That individual’s situation appears to have arisen in the same way ours did. However, he apparently was not protected from infestation by a firewall.
I have pretty much convinced myself that the file that remains on the machine has been neutralized by McAfee and won’t do any harm, even though it doesn’t appear that it can be deleted. I would like McAfee confirmation of that though. Also McAfee’s Site Advisor should evaluate the site in question and take note of any perceived dangers to protect other folks. I would appreciate informed guidance.