23 Replies Latest reply on May 7, 2014 12:18 PM by Peter M

    Webget malware got past McAfee

    treetrunk

      I just found myself infected with "webget" malware which McAfee totally failed to stop.

       

      It seemed to install from a fake Adobe acroreader site. I clicked on a PDF which told me I did not have the latest Acrobat Reader installed. I foolishly followed the link and found random really annoying flashing ads every time I browsed. I ran a full scan in safe mode but McAfee told me everything was fine even though it wasn't.

       

      I identified that a webget directory had recently been created under c:\program files (x86).

      The malware had also installed a mysearchdial app, with settings under c:\users\name\appdata\roaming\mysearchdial\

       

      I was able to locate the files by checking the McAfee firewall settings - several items (some with names and some without) had enabled full firewall access.

       

      Attempting to shred webget using McAfee gave the error access denied.

      Attempting to remove with Windows File Explorer was unsuccessful. I could not run File Explorer as administrator.

       

      The malware also corrupts the Windows Update database (discovered by running the Windows troubleshooter for Windows Update).

       

      Another McAfee scan still said everything was fine.

       

      I restarted Windows in safe mode again (via Windows 8.1 advanced startup options).

       

      I ran cmd (command prompt) and used DOS to del everything in the webget directory and the mysearchdial directories both in program files and users.....appdata.

       

      Restarting confirms malware is finished.

       

      Running Windows Update took a long time - it thinks it never installed any updates (are you kidding, this is Windows - it has installed hundreds of updates in the last year!!).

       

      Still McAfee is none the wiser.

       

      McAfee - you let me down, can I have the last 5 hours of my life back please?
