1 Reply Latest reply on Oct 27, 2009 6:01 PM by Peter M

    "Your computer is not protected-Verify your Subscription" bug-gave me 55 trojans!

      Hi,
      My computer is infected with multiple Trojans—which I believe found their way in because my McAfee software is defective.

      I’m really in need of some step by step guidance and assistance to get rid of these trojans, and I’d very much appreciate someone working with me to help me with this.
      I’m running Windows XP, have the most current Firefox (which I use as my main browser) and also have up-to-date IE8 (don’t use this browser unless I have to, but have it because I know McAfee depends on it).

      I renewed my McAfee and downloaded it directly from their site 11 months ago, and since then, I’ve consistently been experiencing the same “Your computer is not protected” pop up that a large number of others in this forum have posted about which seems to have been identified as a bug by the tech advisers in this forum-but which McAfee has not admitted to or fixed.

      The first 3-4 months-I got the pop up 1-2 times per week. For the last 7 months, I get this pop up 10-16 times per week—every week— and at random times-not just after McAfee updates—but it always shows “computer and files and Internet and IM are not protected”—asks me to click “fix” and “verify my subscription” (my subscription goes through 11/2010). Every month-and multiple times per month over the last 11 months, I have contacted McAfee to report this (I have all the chat logs)-yet their techs remote in, tell me my McAfee updates are current-that my software is “working fine” —yet they see the pop up, and can’t tell me why this is happening nor can they seem to fix it. The situation has been escalated to higher level techs-and I still get the same answer. My McAfee software is NOT “working fine” –it is not fully functioning properly--it consistently is leaving my computer unprotected and vulnerable! I’m just usually sitting right there when the pop ups happen—and can click “fix” and “verify subscription” right away—but sometimes I’m away from my desk when they happen.

      Despite what appear to be defects in McAfee’s software, I guess I’ve just been very lucky until now--I do a full scan every single day—and until now, the scan always has come back clean—nothing found, nothing quarantined—at least that is what it has shown. However, all of a sudden, the scan on 10/19 found and quarantined 18 trojans—each of which I sent to McAfee-then deleted. (I have screen shots of the scan results screen-showing the actual file names, the detection names and the quarantined dates and times, along with the location where they show they were in my C drive.) (Generic Artemis, Downloader.gen.a Generic Downloader, Spy-Agent-bw, Fake AlertGM, Fake AlertDZ- pohetbu.exe Artemis Trojan and others) Two of these Trojans showed dates back to April 2009--- and a couple others have dates in Feb 2009—and one shows back to 2007!!! Why have they not shown up in any scan since then or been quarantined until now!!!!??? Why would that happen? Has the McAfee scan just not been finding them until now? That’s a HUGE problem-and another example of why I think my McAfee is defective.

      After deleting them, I scanned again- showed clean. However when I’d go to Google—(to try to start looking them up and trying to find a solution) I’d start getting these “fake ad” pop ups redirecting me to another site or looking like a news article on “how to make money working from home”. I “x’d” out of them—but clearly my computer was not “clean” despite what the scan had just shown. The scan on 10/20 found more Trojans-which I sent to McAfee, then deleted. Did another scan—showed clean—but I was still getting the “fake ad” pop ups and redirects when going to Google, so my computer clearly was NOT clean. Scan on 10/21—found 37 trojans—36 which it quarantined and 1 that it said is “remaining”. That quarantine list shows a number of Vundo Trojans (first time I’m seeing those in the quarantine)—and Artemis Trojans, along with more “FakeAlert GM and other FakeAlerts”. I have made screen shots of the quarantined files and of all the file names, detection names, and what they show up as in my C drive. The scan shows 0 fixed and all of them are still sitting in quarantine. I’m still getting the “fake ad” redirects and had a screen coming up that is a “fake example” of a Windows System screen and flashes all kinds of “your computer is infected-Please install anti-virus software” messages- showing a link to http spyware-remove….and wanting me to buy their software to fix it. I have not clicked the “OK” on any of those pop ups –I have just “x”d out of them.

      Now—McAfee wants to charge me $89 to remove the Trojans—that it seems pretty clear that THEIR defective software let in to begin with—AND—they’ve told me there is no guarantee—if the same “generally named” Trojans come back a couple days from now, and yet they have “differently named locations in my “C” —they consider those “different Trojans” and it is another $89 each time!

      I am BEYOND frustrated-and ticked off at McAfee.

      I run my business from the computer that is infected-and I cannot afford to lose everything on there. Many files and programs are backed up—but some recent family and vacation photos and some folders in “My documents” are not—and I’ve tried to copy those onto a flash drive to at least save them-then to run a scan on them to make sure they are clean—but I cannot even copy them now to a flash drive…am assuming it is because of the Trojans.

      After the last scan on 10/21, I went to a number of the tech forums and saw that the most recommended tool for these trojans was Malwarebytes along with SUPERAntiSpyware. The techs there indicated that because these both are exe files-and the Trojans are also exe files-that the Trojans may try to disable the install—and gave a number of ways to try to download, install and rename the files in order to get them on the infected computer. I’ve tried all the methods they suggested for downloading both of those tools to the infected computer –tried in normal mode, in safe mode with networking, by changing the file name of the set up file as well as the file in the C drive to a one word name (“spaghetti” and other “generic” sounding names) with and without the .exe at the end (tried naming them .bat, .com, etc.). I’ve also tried downloading both tools onto a flash drive on a clean computer, renaming them there, and then trying to install them into the infected computer in both safe mode, normal mode, and safe mode with networking—and nothing has worked….the Trojans “cut off” the install just as it is trying to finish-even though the files and components for these two tools end up showing up in my computer-they neither one will fully install or run.

      I have now shut down that infected computer and unplugged its internet connection.
      I had also contacted the Malwarebytes site after I was unable to install their software and they suggested I download ComboFix-but in googling and reading about that tool—it cautioned that it is a very powerful tool that you need step by step tech support to use-and that once you delete something that could actually be an important file, you can’t get it back or reverse what you’ve done-and I’m not comfortable with just using that on my own-so I’ve not downloaded that. Other suggestions have been to just wipe my system clean—and I don’t want to just “wipe my system clean” as I can’t afford to lose all my files and business related programs. Also-- until I can get my files/photos backed up that are not backed up-I’m also not comfortable doing a system restore to a point that is previous to those photos and files being put on my computer—because I’d lose all those files/photos if I restored to a point in time before they were on my computer since they are not backed up.

      I’m happy to provide whatever other details, screen shots of the quarantine, etc. can assist someone in helping me to get rid of these Trojans….and would appreciate step by step guidance from someone experienced in this….thanks very much in advance.