8 Replies Latest reply on Apr 14, 2014 11:09 AM by sol

    Where do I begin?  Virus/malware problem

    quik66

      Help!!!

       

      Been having some issues lately.  Bare with me, I am kind of a novice with computers.  

       

      My computer is "protected" my the McAfee Security Suite provided by AT&T U-verse.    Last week, I had a pop-up inform me of a potentially unwanted program, and it kept asking what I wanted to do...   I clicked the delete button ( or something like that) and NOT the "Allow" button.  This pop-up kept reappearing (pop ups are blocked through the McAfee stuff).  Literally 30-40 times, every 15 -30 seconds...   Then my computer closed on its own...  

       

      Finally, I restarted my computer in safe mode (F8), and ran a scan using BOTH McAfee and Malwarebytes (separately, one after the other)...   I recall one of the programs found malicious files.   I deleted/quaranteened these files as noted.

       

      Now, when I boot up, I get a "pop-up" upon starting, telling me that some file (C;/ user/.../temp files/cpeo?.dll, question marks is not the file name)  can not be found.   

       

      Even though I have "automatic updates" and "automatic schedule scans" turned on ( for McAfee), I still manually updated both programs, and reran several times in both "safe mode" and normal operating mode...

       

      But I am still having random issues.  One of the issues is a redirection.  I "Googled" something, and when I hovr over the results, the address look fine, but when I click on those results, my screen flashes through several screens, usually to another "unknown" search engine...   I was also taking me often to a "Wikipedia" page that said there was nothing for my search terms (or similar).  

       

      When this happened, I'd once again scan, and usually reboot/scan again in safe mode...

       

      Several scans found malicious files, but usually they came back "clean"...

       

       

      Then i noticed problems with McAfee.   During the scan, there is a side bar that scrolls through several statistics...

       

      One stat is "the number of malicious files found since 4/12/2013"  

       

      One stat is the files searches during your last scan (scanning several times a day for the last week+)...

       

      Pretty sure the "number of mlicious files found" has increased significantly (currently is 420, was in the low 300's?), even though the results of the scans have only "found" 4-5 files during the last few weeks...

       

       

      BUT THEN...   I noticed the scans taking longer.   A total scan WAS searching/scanning 250,000 files.  previous to these events, this was a rough range (200,000+...  I was assuming my entire C-drive...     Last night, I noticd the number had increased to 950,000+!!!     Pretty sure this is incorrect, a virus or malicious software...

       

       

      What should I do?

      What info should I provide?

      OS version, IE version, McAfee version?

      I am away from my home computer right now, but I have printed some screen shots

       

      Thanks

        • 1. Re: Where do I begin?  Virus/malware problem
          k3tg

          quik66

           

          Welcome to the McAfee forums.....There are some excellent tool and tips in Anti-Spyware/Malware & Hijacker Tools that will assist you in resolving your issue. McAfee Stinger is within the document as well as GetSup

           

          You could certainly try to run MVT found in Useful Links at the top of this page in the Technical Support link. MVT will scan your computer for any McAfee related issues and will attempt to fix any it may find.

           

          I should add that I hope your computer is up to date with all windows security updates and other programs such as Java & Adobe

           

          I believe your post should be in the security awareness community and I attempted to move it over there but I am still having an issue myself and I think it is only a permission issue.

           

          Try some of those tools and post back and hopefully some other folks chime in to offer you some help.

           

           

          Good Luck

          • 2. Re: Where do I begin?  Virus/malware problem
            Peacekeeper

            I would clean up all internet temp files temp iles and clear all caches of all browsers as well as running the scanners tom linked to.

            • 3. Re: Where do I begin?  Virus/malware problem
              quik66

              Thanks Tom and Tony

               

               

              Where do I go to find the steps to empty the temp files, etc?  I know I have done that before, but can't recall the steps...

               

              Also, How do I know what versions of Windows & Service Pack/Internet Explorer version, etc. 

               

              I know I delete my IE stuff regularly (once a week or so).

               

              I have automatic updates for Windows, so I hope thats been updating correctly.  Adobe always "asks" to update, not sure about Java.

               

              No other browsers used, although contemplating going to Firefox in the future.

               

               

              Thanks again,

               

              Tony (quik66)

               

              Message was edited by: quik66 on 4/12/14 10:38:39 AM CDT
              • 4. Re: Where do I begin?  Virus/malware problem
                quik66

                Thanks

                 

                One other thing.

                 

                When doing the "System restore", it will get rid of anything I placed on the computer after the "restore" date, correct?

                 

                I just downloaded some pictures from my camera yesterday, so I guess I'll have to load them on a thumb drive before I perform the System restore.

                 

                I don't think I have any other files I loaded and need in the past few weeks.

                 

                Thanks again,

                 

                Tony

                 

                Message was edited by: quik66 on 4/12/14 10:42:48 AM CDT
                • 5. Re: Where do I begin?  Virus/malware problem
                  Hayton

                  Your own files, things you've added, shouldn't be affected by a System Restore. You'll need to re-install anything from Microsoft, McAfee, and perhaps from other companies (like Adobe) that came in recently.

                   

                  Check in Control Panel to see if you have Java installed. If you have, and unless you're certain that you need it, it's better to uninstall it. It's been notoriously prone to exploits by malware authors in the past.

                   

                  Cleaning all unwanted files can be done from within Windows, there's a built-in program called 'cleanmgr' which does a reasonable job. If you want to do more McAfee has a QuickClean option in Security Center, or (my favourite) you could run CCleaner, which purges files from most temp locations. Go for the free version, it's good enough for the job.

                   

                  If you want complete information about all the versions of system software you're running (including Windows and IE) then you could do worse than run Speccy, another program from Piriform - the CCleaner people. The 'Operating System' option will show the Windows and IE versions; on my machine it only shows Service Pack numbers in the 'Hotfix' section. It's a useful tool to have in case you need to find information about your PC hardware.

                  • 6. Re: Where do I begin?  Virus/malware problem
                    catdaddy

                    Hi quik66,

                              I am glad to see your post was moved to the appropiate area. As for system restore, Simply creating a (New) restore point would be useless...until you have resolved the issues mentioned here-in. I would hesitate to revert back to the "Last Known Configuration", especially due to the most recent Windows updates.

                     

                    ( Which irregardless, you have to accertain that you make certain you are still current with all of "Windows Updates" through April 8th, which was "Patch Tuesday")

                     

                    In laymans terms, you can temporarly (Disable) System Restore, and run the Malware Tools as suggested.

                    By doing such, this will enable the chosen scan, to detect any impropriotiies that may exist in "Restore Points" prior to the latest "Windows Updates".

                     

                    After doing such, you would benefit from running a "SFC/SCANNOW" in Administrator Mode to ensure there are no integrities issues. As for deleting your (Temp Files,Temp Internet Files, Cache and so on) simply use your "Quick Clean" feature in your McAfee product.

                     

                    After making certan that you are current with all Windows Updates, and Add-ons, to include Internet Explorer 11.  You may choose to run a Chkdsk   r/  to make certain your system volume is properly configured.

                     

                    In additon to further improve your OS Performance, you can choose to "Delete" all restore points except the latest, after you have performed the above offered suggestions.

                     

                    All the Best,

                     

                    Message was edited by: catdaddy on 4/12/14 11:51:45 AM CDT
                    • 7. Re: Where do I begin?  Virus/malware problem
                      catdaddy

                      If I may add, While I "Whole Heartedly" agree with Hayton,s suggestions, for in comparison he is more knowledgeable than  I. I am "Humble" enough to admit it.  Please be very careful when utilizing "Ccleaner-Piriform"  Especially in regards to using the "Registry Cleaner". If one is not knowledgeable in what programs, registry entries, etc. that is chosen to remove.

                       

                      You can do more harm,than good. While I am inclined to agree with Hayton, Ccleaner is a "Superb" registry cleaner, even though I don,t recommend using them, again for the simple reason being...One has to be  knowledgeable on which individual "Registry Entries" they remove.

                       

                      Having said all this...It is a resourceful Tool-Program to remove (Stubborn) remnants left over from using the "Windows Disk Clean"- "McAfee Quick Clean"  I even suggest that when using "Quick Clean' Be cautious in selecting "Registry" items.

                       

                      Again, just my (2) cents......

                       

                      Kind Regards,

                       

                       

                      • 8. Re: Where do I begin?  Virus/malware problem
                        sol

                        In this day and age and all the security flaws and culnerabilities... Having interacted that many times with popups... the best thing you could do to be insured there are no underlying rootkits or spying malware that goes unnoticed is to rebuild.

                         

                        I would suggest that in the future people look in places like the user\appdata\local folder and the others for strange .exe files just laying around. This is where i find most of our unklnown threats to send to Avert labs for testing and protection. The cached file folders and temp numerous windows temp folders are not the only places that malware is dropped. I have even found encryptolocker files in the Program Data\McAfee folder and sent those in.

                         

                        once the system is that infected, it is a good time to explore your system if your thoughts are to play it safe and rebuild it. (reimage it)

                         

                        reminder: for this very reason, it is good practice to re-image your system every so often to help speed the process by having the most recent patches and updates to systems.

                         

                        PS... if you are a corporation, please remember that McAfee DOES NOT hold up its' support aggreement if they find Malwarebytes or any other malware protection has been used on the system. And no... removing it is not enough since their are notes in the registry and mcafee logs that will point to the fact it was installed and used. Please be cuatious about this. I was under the understanding that Malwarbytes was ok to use, apparently not even if you did purchase a license for it