Norton/McAfee Malware

djsfantasi

Joined Apr 11, 2010
9,237
Did you Google “remove McAfee” as I suggested?

I just did and there are many resources on how to remove their antivirus tools. Including a free tool to remove the product.

I was an IT Department Manager, and this is how we removed stubborn products.

Once you delete exe files, use tools other than the manufacturer, and so on, you get the problems you are describing.

In particular, McAfee can reinstall missing components. It also has a supervisor code that will restart components that you’ve manually stopped. Thus you need to do the best you can (oftentimes that means using vendor tools) to remove ALL linked components.
 

Thread Starter

crutschow

Joined Mar 14, 2008
38,529
I just did and there are many resources on how to remove their antivirus tools. Including a free tool to remove the product.
As I stated, this is not an installed antivirus tool, it is malware from some unknown SOB that is mimicking the McAfee/Norton logo, so an antivirus removal tool for those products is of no use.
When I click on the window it brings up a malware site, not the official Norton/McAfee website.
 

SamR

Joined Mar 19, 2019
5,491
Reboot the computer. In the bottom left of the screen is the "start a search" field. Type in task manager and enter. Review the tasks. Google any unknown tasks. And work from there. Also maybe before you start, make a new restore point.

Edit: Actually, task manager has a link to do a search online for the task so no need to google for it. Left click on the task to get the pulldown menu and it is there.
 

MrAl

Joined Jun 17, 2014
13,709
I'll list a few things that have worked for me in the past.

First is Task Manager...
I've used Task Manager since day 1 to help determine things running that are not supposed to be running. It is best to start doing this though when you first install the operating system. You become familiar with the things that are running that are meant to be there and so when something appears out of nowhere one day you have that suspicion to work from. You don't only want to check the files running but also the services running.
If something is not right and you can't delete it, it is good to have a second way to boot up so you can delete files you are sure are not supposed to be there. Save a copy of all the files though in case something even worse goes wrong, then recopy them back if you have to using the second boot up method. There are also programs you can download that help delete files, if you trust them.
Sometimes you can alter a start up file so that some things do not load when you boot up. You don't have to delete anything that way, just alter one file in a text editor.


Self Scan...
You can also do a scan yourself of the entire system. This involves reading each important directory and creating a log of the file directory, file name, file date, file time, the file's exact size in bytes (not kbytes, Mbytes or Gbytes), and most important the file's zip-compatible CRC code or at least some CRC code.
When you encounter a problem you recheck the files a second time making a second log, then compare the two logs. Any files which have changed are very suspect if you did not do an update. If you did do an update you need to scan all over again right after the update while you are NOT logged onto the internet. In fact all of this has to be done when you are NOT logged onto the internet.
The program that does this you create/write yourself so you know it is true and not bogus.
It takes time to run but that's life.

Window Logging...
You can detect any window that has been created even if it is hiding so the operator does not see it. There are Windows API function calls that can help with this. Make a log of all the windows that are normally open when running things, then check again later if any problems come up. If you find windows that are open that seem suspicious, you can investigate.

Investigating Unknown Items...
This can take a while sometimes but it helps a lot. It involves doing things such as looking up files on the internet, looking up windows and window classes and noting what they are there for. The procedure for this varies because there are a lot of ways things can change in a computer system. Sometimes you will be playing the role of a cyber detective and unfortunately the cyber criminals are getting better at it every day.

Reinstall The Entire System...
This is the last resort. Sometimes things go so wrong that it is extremely hard to get back up and running in a way that restores all functions and gets rid of unwanted stuff. To help with this, make a log of what you did when you installed the op sys for the first time or when you reinstall the next time. Write everything down that you had to do to get everything installed and make it as detailed as possible. This will make it faster and easier to reinstall if you have to.
I used to do this once every three months so I had it down pat, but it was because of my reinstall list that I was able to get everything back up and running normally. Without that I'd have to figure everything out again.
In the worst cases you may have to reformat the disk drive using a separate tool before you install any software.

Backup...
You know the three rules of backing up important files:
1. Backup.
2. Backup.
3. Backup.
That really says it all. Make at least three copies of everything somehow some way. It is not easy to do this, but you won't lose anything if you follow this basic rule which has been around as long as computers have existed.

Good luck to all of you :)
 
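Added example of the "Self Scan" MrAl describes above; this is not his code or anything from the thread. It is a Python baseline tool that logs directory, name, exact size in bytes, mtime and a ZIP-compatible CRC-32 for every file under a root, then diffs a later run against the saved log. It also records SHA-256, because CRC-32 catches accidental change but a replacement file can be padded to match a known CRC, so the comparison keys on SHA-256. Files whose bytes changed while size and mtime stayed the same are listed separately, since that combination points at deliberate tampering rather than an update. The demo tree and the tampering done to it are constructed; the directory names are invented.

```python
"""File-integrity baseline: snapshot, save, reload, diff (added example)."""
import hashlib
import json
import os
import shutil
import tempfile
import zlib
from datetime import datetime, timezone


def fingerprint(path, chunk=1 << 20):
    """Return (crc32 hex, sha256 hex) for a file, computed in one pass."""
    crc, sha = 0, hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            crc = zlib.crc32(block, crc)
            sha.update(block)
    return f"{crc & 0xFFFFFFFF:08x}", sha.hexdigest()


def snapshot(root):
    """Map each file's path (relative to root) to its metadata and digests."""
    log = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # skip links and anything that is not a regular file
            st = os.stat(full)
            crc, sha = fingerprint(full)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            log[rel] = {
                "size": st.st_size,  # exact bytes, not KB/MB
                "mtime": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
                "crc32": crc,
                "sha256": sha,
            }
    return log


def save_log(log, path):
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(log, fh, indent=1, sort_keys=True)


def load_log(path):
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def compare(baseline, current):
    """Diff two snapshots; 'timestomped' = bytes changed but size and mtime did not."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in set(baseline) & set(current)
                     if baseline[p]["sha256"] != current[p]["sha256"])
    timestomped = [p for p in changed
                   if baseline[p]["size"] == current[p]["size"]
                   and baseline[p]["mtime"] == current[p]["mtime"]]
    return {"added": added, "removed": removed, "changed": changed, "timestomped": timestomped}


def demo():
    """Constructed scenario: baseline a small tree, tamper with it, return the diff."""
    work = tempfile.mkdtemp(prefix="baseline_demo_")
    root = os.path.join(work, "tree")
    log_path = os.path.join(work, "baseline.json")  # kept outside the scanned tree
    try:
        os.makedirs(os.path.join(root, "System32"))
        files = {"System32/good.dll": b"legit code v1",
                 "System32/keep.exe": b"unchanged",
                 "notes.txt": b"hello"}
        for rel, data in files.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        save_log(snapshot(root), log_path)
        # Tamper 1: same-length replacement, original mtime put back afterwards.
        target = os.path.join(root, "System32", "good.dll")
        st = os.stat(target)
        with open(target, "wb") as fh:
            fh.write(b"legit code v2")
        os.utime(target, ns=(st.st_atime_ns, st.st_mtime_ns))
        # Tamper 2: a dropped binary and a deleted file.
        with open(os.path.join(root, "System32", "dropper.exe"), "wb") as fh:
            fh.write(b"MZ constructed sample")
        os.remove(os.path.join(root, "notes.txt"))
        return compare(load_log(log_path), snapshot(root))
    finally:
        shutil.rmtree(work, ignore_errors=True)
```

Run the baseline and every re-scan offline, as the post says, and keep the JSON log off the machine or on the second boot medium: a compromised system can present a clean view of a file it has already replaced. For a real directory, `save_log(snapshot(r"C:\Windows\System32"), "baseline.json")` once, then `compare(load_log("baseline.json"), snapshot(r"C:\Windows\System32"))` after the problem appears.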

MrAl

Joined Jun 17, 2014
13,709
Task manager does not show anything suspicious running.
I do have a copy of Process Explorer which shows the process running, but I can't delete it.
Just keeps popping back up.
Probably true.
But this is a spoof, not written by Norton/McAfee since, when I click on it, it directs me to a bogus website.
Can you view the process tree? Maybe you can look at the head of the tree and try to kill that process.
I have encountered this type of problem myself. The only fix is to find the program that causes the file to get copied back again if you had deleted it. Same thing if you kill the process and it comes back a second or two later.
You might look up one of the startup files and see if there is anything strange that is being loaded at boot up. If there is nothing strange, it may be a regular program that is infected and has to be replaced.
This is where having a complete log of the system comes in very handy. You can spot a corrupt file and recopy it from a backup if you have a second way to boot up that does not use the infected system.
I would ask just how hard is it to reinstall your system completely if you have to.
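MrAl's suggestion to look at the head of the process tree, as an added example that is not from the thread: Process Explorer shows the parent/child tree directly, but the same data can be exported and reasoned about offline. The assumed input is the CSV produced by `Get-CimInstance Win32_Process | Select-Object ProcessId,ParentProcessId,Name,ExecutablePath | ConvertTo-Csv -NoTypeInformation | Out-File -Encoding utf8 procs.csv`. The script walks from a suspect process up to the root, names the likely relauncher from its immediate parent (a child of the Task Scheduler's svchost.exe is usually a scheduled task, a child of explorer.exe a Run key or Startup-folder entry), and lists processes whose parent has exited or which run from user-writable folders. The sample process list, and the names SecurityAlert.exe and Updater.exe, are constructed.

```python
"""Process-tree triage from a Win32_Process CSV export (added example)."""
import csv
import io

# Constructed sample in the shape ConvertTo-Csv -NoTypeInformation produces.
SAMPLE_CSV = r'''"ProcessId","ParentProcessId","Name","ExecutablePath"
"4","0","System",""
"520","4","smss.exe","C:\Windows\System32\smss.exe"
"612","520","wininit.exe","C:\Windows\System32\wininit.exe"
"700","612","services.exe","C:\Windows\System32\services.exe"
"1044","700","svchost.exe","C:\Windows\System32\svchost.exe"
"3120","2980","explorer.exe","C:\Windows\explorer.exe"
"4408","3120","chrome.exe","C:\Program Files\Google\Chrome\Application\chrome.exe"
"4552","4408","chrome.exe","C:\Program Files\Google\Chrome\Application\chrome.exe"
"5216","1044","SecurityAlert.exe","C:\Users\user\AppData\Local\Temp\SecurityAlert.exe"
"5380","9999","Updater.exe","C:\Users\user\AppData\Roaming\Updater\Updater.exe"
'''

# Folders a standard user can write to; a long-lived process running from one
# of them deserves a look (legitimate updaters do this too, so it is a hint).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\",
                 "\\users\\public\\", "\\downloads\\")

# The immediate parent tells you where the thing that keeps relaunching a
# killed process probably lives.
LAUNCHER_HINTS = {
    "svchost.exe": "scheduled task (Task Scheduler runs inside svchost.exe); Get-ScheduledTask",
    "services.exe": "Windows service; Get-Service",
    "explorer.exe": "Run/RunOnce key or Startup folder; Get-CimInstance Win32_StartupCommand",
    "chrome.exe": "started by the browser; review extensions and downloads",
    "cmd.exe": "script or batch file; inspect its command line",
    "powershell.exe": "script; inspect its command line",
    "wscript.exe": "script; inspect its command line",
}


def parse_process_csv(text):
    """pid -> {ppid, name, path}."""
    procs = {}
    for row in csv.DictReader(io.StringIO(text)):
        procs[int(row["ProcessId"])] = {
            "ppid": int(row["ParentProcessId"]),
            "name": row["Name"],
            "path": row["ExecutablePath"],
        }
    return procs


def ancestry(procs, pid):
    """Names from pid up to the root; stops at a missing parent or a PID cycle."""
    chain, seen = [], set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        chain.append(procs[pid]["name"])
        pid = procs[pid]["ppid"]
    return chain


def pids_named(procs, name):
    return sorted(pid for pid, p in procs.items() if p["name"].lower() == name.lower())


def orphans(procs):
    """Processes whose parent is gone. explorer.exe is a normal orphan (userinit
    exits); an unknown binary with a vanished parent is worth checking first."""
    return sorted(pid for pid, p in procs.items()
                  if p["ppid"] != 0 and p["ppid"] not in procs)


def from_user_writable(procs):
    return sorted(pid for pid, p in procs.items()
                  if any(m in p["path"].lower() for m in USER_WRITABLE))


def launcher_hint(chain):
    parent = chain[1] if len(chain) > 1 else None
    return LAUNCHER_HINTS.get(parent, "parent exited; check tasks, Run keys and services")


def triage(text, suspect):
    procs = parse_process_csv(text)
    chains = {pid: ancestry(procs, pid) for pid in pids_named(procs, suspect)}
    return {
        "chains": chains,
        "hints": {pid: launcher_hint(c) for pid, c in chains.items()},
        "orphans": orphans(procs),
        "user_writable": from_user_writable(procs),
    }


def demo():
    return triage(SAMPLE_CSV, "SecurityAlert.exe")
```

If killing the leaf only brings it back, the launcher is still alive or scheduled; follow the hint for the parent (`Get-ScheduledTask | Where-Object State -ne 'Disabled'`, `Get-CimInstance Win32_StartupCommand`, `Get-Service`). An orphan proves nothing by itself, but an unknown binary under AppData whose parent has already exited is the first thing to look up.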
 

402DF855

Joined Feb 9, 2013
271
Ironically your best bet may be to buy Norton antivirus; it may find and neutralize the malware. I've been buying Norton for about five years and I think it adds a good layer of protection. Even if I have to spend just 1 hour trying to fix a popup problem, one that Norton would take care of for me, the price is well worth it.
 

killivolt

Joined Jan 10, 2010
836
I used to work for McAfee as tech support. I think: back up your files, then zero the drive and reload the operating system. Trying to just edit files and screw with the system isn’t going to work. The sad part is you don’t know what files are infected either, but once you save them you can scan them with a good tool for infections.

kv

Edit: Also put them on a separate drive not on your new operating system.
 

NV64

Joined Feb 15, 2019
38
Backup recovery probably won't help.
You should definitely check the "Task Scheduler".
As already advised here, you need to look at the system's startup menu. In Windows 10, it is located in the "Task Manager".
 

ericgibbs

Joined Jan 29, 2010
21,448
hi,
I find that running these two exes from the System folder fixes a lot of problems.
Use CMD to get into the System Folder
dism.exe /online /cleanup-image /restorehealth
and
sfc /scannow

type: exit when done

E
Note: Space before the /
 
I have some malware on my computer Windows 10 computer that I can't can't rid of.
I am running Windows Defender and ran Malwarebytes but no luck.
Various small popups (such as below) saying my Norton or McAfee subscription has expired, or that my computer is infected (and the infection is the popup :eek:) keep occurring.
They stay on top of all other windows and are impossible to remove.
I've been using Chrome and went through the cleanup process for that, but the malware is apparently installed on my computer independent of the browser.
Anyone else have experience with this?
You can run Kaspersky and see if it removes it; I heard they are the best antivirus for Windows on the planet. I read somewhere that you are using Process Explorer; you can also try using Process Hacker (but run it in administrator mode) and Comodo Internet Security, especially its HIPS software.

Here is what I'd do though: after turning on the computer, keep pressing F8 before the Windows logo shows up. It'll show you a couple of options in command line; go to the line which says something like start in safe mode with essential services only. Once you log in, start a boot time scan with your anti-virus software.

A boot time scan might take a long time depending on your system and the size of your disks. They usually find the process loading at start up, before the malicious software can actually load.
 
Task manager does not show anything suspicious running.
I do have a copy of Process Explorer which shows the process running, but I can't delete it.
Just keeps popping back up.
Probably true.
But this is a spoof, not written by Norton/McAfee since, when I click on it, it directs me to a bogus website.
If Process Explorer shows the suspicious process, you can locate it on the disk and rename the file, restart and delete it. If it doesn't allow you to rename the file, try the F8 method and start in safe mode with only essential services, then locate the file and delete it.

If even that doesn't work, use a live distro from a thumb drive, use a Linux file manager to find the file and delete it from there.
 

joeyd999

Joined Jun 6, 2011
6,316
Well, I think I may have tracked down the problem.
I downloaded Norton and ran a full scan and rebooted the computer.
The malware window was gone until I opened Chrome, where it immediately reappeared.
After rebooting the computer a few times, it always appeared only after I opened Chrome.
I then went into Chrome and removed all the Chrome extensions for doing editing, spreadsheets, etc. (apparently they were preinstalled in Chrome).
After that, the popup hasn't reappeared after opening Chrome (fingers crossed).

So it would appear that there was some malware hidden in the Chrome extensions.
Good job running it down.

Now, I make the following suggestion:

1. Install Linux as a dual-boot. This way, you can always revert to a pure Windows environment when you have to (or when you start feeling uncomfortable).
2. On your Linux installation, install Virtualbox, and create a Windows 10 virtual machine (I can help you with this!). There is pretty much nothing you can do on pure hardware that you cannot do on a Win VM.
3. Get used to running Win 10 as a VM under Linux. Use it only for those necessary apps that you require Windows for, *but* only access the web, mail, etc. via Linux.

This way, you can run Win without an AV. Everything will run far faster -- even your Windows -- and (with a little discipline on your part) Linux will protect you.

Believe it or not: Linux is fun!
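The Chrome-extension lead in the quoted post above, as an added example that is not from the thread: a Python inventory of the extensions installed in a Chrome profile, read from each extension's manifest.json. It resolves localized names (`__MSG_name__` placeholders via `_locales`), separates host-access patterns from API permissions for both manifest v2 and v3, and ranks extensions by a simple score (broad host access, a background script or service worker, and permissions such as webRequest, tabs and notifications). The profile path is an assumption, the two sample extensions are constructed with fictional IDs and names, and the score is a triage order rather than a verdict, since plenty of legitimate extensions request the same things.

```python
"""Inventory and rank Chrome extensions from their manifests (added example)."""
import json
import os
import re
import shutil
import tempfile

BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*", "file:///*"}
RISKY_PERMS = {"webRequest", "webRequestBlocking", "declarativeNetRequest", "tabs",
               "notifications", "alarms", "nativeMessaging", "management", "proxy",
               "debugger", "cookies", "history", "scripting"}
MSG_RE = re.compile(r"^__MSG_(\w+)__$")


def _version_key(dirname):
    # Version directories look like "1.2.3_0"; compare numerically so 1.10 > 1.9.
    return tuple(int(x) if x.isdigit() else 0 for x in dirname.split("_")[0].split("."))


def _resolve_name(ext_dir, manifest):
    """Expand __MSG_key__ names through _locales/<default_locale>/messages.json."""
    name = manifest.get("name", "")
    m = MSG_RE.match(name)
    if not m:
        return name
    locale = manifest.get("default_locale", "en")
    try:
        with open(os.path.join(ext_dir, "_locales", locale, "messages.json"), encoding="utf-8") as fh:
            return json.load(fh).get(m.group(1), {}).get("message", name)
    except (OSError, ValueError):
        return name


def inventory(extensions_root):
    """One record per extension ID (newest version dir), sorted by descending score."""
    results = []
    for ext_id in sorted(os.listdir(extensions_root)):
        id_dir = os.path.join(extensions_root, ext_id)
        if not os.path.isdir(id_dir):
            continue
        versions = [v for v in os.listdir(id_dir)
                    if os.path.isfile(os.path.join(id_dir, v, "manifest.json"))]
        if not versions:
            continue
        ext_dir = os.path.join(id_dir, max(versions, key=_version_key))
        with open(os.path.join(ext_dir, "manifest.json"), encoding="utf-8") as fh:
            manifest = json.load(fh)
        perms = set(manifest.get("permissions", []))
        hosts = set(manifest.get("host_permissions", []))  # MV3 field
        hosts |= {p for p in perms if "://" in p or p == "<all_urls>"}  # MV2 mixes hosts into permissions
        perms -= hosts
        broad = bool(hosts & BROAD_HOSTS)
        background = "background" in manifest  # code that runs without any tab open
        score = len(perms & RISKY_PERMS) + (2 if broad else 0) + (1 if background else 0)
        results.append({
            "id": ext_id,
            "version": manifest.get("version", ""),
            "manifest_version": manifest.get("manifest_version"),
            "name": _resolve_name(ext_dir, manifest),
            "risky_permissions": sorted(perms & RISKY_PERMS),
            "hosts": sorted(hosts),
            "broad_hosts": broad,
            "background": background,
            "score": score,
        })
    results.sort(key=lambda r: (-r["score"], r["id"]))
    return results


def _write_json(path, obj):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(obj, fh)


def demo():
    """Constructed profile with two made-up extensions (IDs and names are fictional)."""
    root = tempfile.mkdtemp(prefix="ext_demo_")
    try:
        quiet = os.path.join(root, "abcdefghijklmnopabcdefghijklmnop", "2.0.1_0")
        _write_json(os.path.join(quiet, "manifest.json"),
                    {"manifest_version": 3, "name": "Plain Notepad", "version": "2.0.1",
                     "permissions": ["storage"]})
        loud = os.path.join(root, "ponmlkjihgfedcbaponmlkjihgfedcba", "1.4_0")
        _write_json(os.path.join(loud, "manifest.json"),
                    {"manifest_version": 2, "name": "__MSG_appName__", "default_locale": "en",
                     "version": "1.4", "background": {"scripts": ["bg.js"]},
                     "permissions": ["tabs", "notifications", "webRequest",
                                     "webRequestBlocking", "storage", "<all_urls>"]})
        _write_json(os.path.join(loud, "_locales", "en", "messages.json"),
                    {"appName": {"message": "Document Editor Pro"}})
        return inventory(root)
    finally:
        shutil.rmtree(root, ignore_errors=True)
```

Run `inventory()` against `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions` (other profiles sit beside `Default` as `Profile 1`, `Profile 2`, and so on). An extension that comes back after removal, or that chrome://extensions marks as installed by policy, is being forced in from outside the browser: check chrome://policy and the ExtensionInstallForcelist value under `HKLM\SOFTWARE\Policies\Google\Chrome` and `HKCU\SOFTWARE\Policies\Google\Chrome`.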
 

Thread Starter

crutschow

Joined Mar 14, 2008
38,529
Previous deleted Post:
"Well, I think I may have tracked down the problem.
I downloaded Norton and ran a full scan and rebooted the computer.
The malware window was gone until I opened Chrome, where it immediately reappeared.
After rebooting the computer a few times, it always appeared only after I opened Chrome.
I then went into Chrome and removed all the Chrome extensions for doing editing, spreadsheets, etc. (apparently they were preinstalled in Chrome).
After that, the popup hasn't reappeared after opening Chrome (fingers crossed).
So it would appear that there was some malware hidden in the Chrome extensions."


I posted prematurely. It came back.
But it still seems related to Chrome.
I'm running Firefox now and so far, no sign of it.

Believe it or not: Linux is fun!
I believe not.
It's only fun if you like messing with computers and I used to, but don't anymore. :rolleyes:
 

Ylli

Joined Nov 13, 2015
1,092
I have run Slipknot followed by Mosaic followed by Netscape followed by Firefox for many years now. I stopped updating FF for a while after they changed the engine (around version 46?) because I didn't like the change in the interface. Then I was forced to replace the computer with a Win10 machine, and decided it was time to bite the bullet and go with the latest release of FF. I've gotten used to it, but I still don't like a lot of things they changed. They made it too much like Chrome - if I wanted Chrome I'd run Chrome.
 

SamR

Joined Mar 19, 2019
5,491
As in they have incorporated the features that their customers like in other browsers and added user-requested features. No idea of when it is coming out of Beta but it's been out a few months with regular updates with a large Beta population that they are listening to and responding to. Kinda impressive for MS. The classic Edge is a bit painful to use once the Beta spoils you... Sorry a bit OT...
 

djsfantasi

Joined Apr 11, 2010
9,237
I’ve been quiet for a while. But I am curious. Was McAfee ever installed on the system?

If so, did you remove it? And how was it removed? AV software is difficult to remove because of what it does.

The continuing pop-up which linked to a malware site may not have been the malware. A virus could have infected a valid executable and used the operation of the executable to continue to infect your system. This operation takes advantage of AV software to try and be self healing.

As I said, you can’t delete an AV executable. It will get reinstalled. The only way to reliably remove AV software is to use the vendor’s tools. While running in safe mode.

Been there and done that many times.
 