My McAfee Anti-virus kept finding and blocking

Discussion in 'Malware Help (A Specialist Will Reply)' started by cwtcc55, Mar 12, 2007.

  1. cwtcc55

    cwtcc55 Private E-2

two trojans every couple of weeks. They were called VBS/psyme and exploit.wm (I think). I was told by someone to download Spy Sweeper and I did. I ran it and it located another Trojan called trojan-backdoor-5secs. It labeled this as a high risk threat. I was able to quarantine and then delete it and it didn't show up again in any other scans. Should I be worried about this? Since my computer has been kind of slow I want to make sure I don't have anything that McAfee or Spysweeper isn't picking up. I also have AVG anti-virus. I was semi-paranoid and downloaded a lot of recommended things. Maybe this is why my computer is so slow. Here is my Hijack This Log. Thanks for your help.

    Edit by chaslang: Inline HJT log removed. READ & RUN ME sticky not followed.
     
    Last edited by a moderator: Mar 12, 2007
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Most people are under the very mistaken misconception that HijackThis is a scanning/removal tool. It is not! HijackThis is simply a tool that is used to identify browser hijackers and in some cases it will show entries for some malware that is for instance running at startup. All it does is list a few of the thousands of registry keys that exist, and it makes no inferences to whether anything being shown is good or bad. That decision is left to a person with significant Windows and malware cleaning experience. HijackThis does not come close to showing all malware that could be hiding on a PC. Anyone who has an infected computer and is relying on HijackThis without the benefit of running other scans such as Spybot, Windows Defender, BitDefender & Panda, CCleaner, etc. is more than likely still infected. In most cases, where there is one virus/trojan there are more. The goal of this forum is to remove all malware, and this cannot be done properly by just seeing a HijackThis log.

    Thus if you really want to know whether your PC is clean, you will have to follow the below steps. Note, however, that slow PCs do not necessarily mean you have malware. Internet Security suites like McAfee's slow down more PCs than malware. Also, while it is a good program, Spy Sweeper has been known to cause some significant slowdowns. Did you purchase Spy Sweeper or are you just using a trial version?

    To determine whether your PC is clean, please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, renaming, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • CounterSpy - only for Windows XP, 2K, & NT users
      • AVG Antispyware log - ONLY IF NEEDED because you were not able to run CounterSpy. - only for Windows XP, 2K, & NT users
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
  3. cwtcc55

    cwtcc55 Private E-2

    Posted last week but just got a chance to complete

    all of the removal steps so I figured I'd start a new post. Last week I ran "spysweeper" and it found a trojan called backdoor-5secs. My McAfee has also been repeatedly finding a trojan called psyme and exploit over the last few months. They pop up every couple of weeks. I ran all the scans and nothing seemed to turn anything major up besides cookies, but I'd like someone to look at it to make sure I'm not missing anything since I have no idea what I'm looking at. Also, I was not able to boot in Safe Mode for some reason. Tried many times. Black screen came up, logged some files and just stayed on that screen. I had to do everything in normal mode. Followed directions on disabling internet access when necessary. Will post other logs in a reply. Thanks.
     

  4. cwtcc55

    cwtcc55 Private E-2

    Re: Posted last week but just got a chance to complete

    more logs
     

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Posted last week but just got a chance to complete

    As you suspected, your logs are clean. This is a good thing. It means that McAfee has more than likely fixed your problem. If this keeps recurring, it would indicate that your problem is probably related to some site that you are accessing or downloading from. Next time it happens, note where you have been surfing and also write down exactly what and where McAfee is finding the problems. More specifics are always much more helpful.

    I have a few tips for you to help you improve your slow PC problems!

    First, you never got all of Panda Antivirus uninstalled. You probably used it at one time and then uninstalled it. Let's fix this.
    • Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
    • On the page that opens, scroll down to Panda Process Protection Service
    • then right click the entry, select Properties and press Stop Service.
    • When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
    • Click OK until you get back to Windows.
    • Next, run HJT, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
    • At the lower right, click on the Config button
    • Then click the Misc tools button
    • Select Delete an NT Service
    • Copy/paste PavPrSrv into the box that opens, and press OK
    • If you receive any error messages just ignore them and continue.
    • Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after running HJT again to fix some other items.
    Run this Disable/Remove Windows Messenger to remove Windows Messenger.

    Uninstall the Sunbelt CounterSpy trial since we are finished with it now! Then delete the below two folders which may be left behind by the uninstall:
    C:\Documents and Settings\All Users\Application Data\Sunbelt Software
    C:\Program Files\Sunbelt Software

    Also uninstall Viewpoint Media Player which should have been uninstalled in step 0 of the READ ME.

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

    After clicking Fix, exit HJT

    Now reboot in normal mode

    Now attach the below new logs and tell me how the above steps went.

    1. ShowNew
    2. HJT


    Did that speed things up a little?
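The service, folder, Run-key and startup-shortcut steps chaslang lists above are the kind of cleanup an administrator might want to script rather than click through. The block below is an added example, not chaslang's or MajorGeeks' own tooling, written in PowerShell. It assumes it is run from an elevated (Administrator) PowerShell prompt on the affected machine; the service name PavPrSrv, the two Sunbelt folders, the SunJavaUpdateSched Run value, the ProxyServer ":0" entry and the two Office .lnk names are taken from the post, while the `-DryRun` switch, the `Invoke-Step` helper and the use of `%ALLUSERSPROFILE%\Start Menu\Programs\Startup` as the Global Startup folder (the Windows XP location) are this example's own assumptions.

```powershell
# Added example (not from the thread): scripted form of the cleanup steps above.
# Assumes an elevated PowerShell session. Pass -DryRun to list actions without making changes.
param([switch]$DryRun)

function Invoke-Step {
    # Runs $Action unless -DryRun was given; either way it prints what would happen.
    param([string]$Description, [scriptblock]$Action)
    if ($DryRun) { Write-Host "[dry-run] $Description"; return }
    Write-Host $Description
    & $Action
}

# 1. Stop and disable the leftover Panda service, then delete its registration.
#    "sc.exe delete" is the command-line equivalent of HijackThis's "Delete an NT Service".
$svcName = 'PavPrSrv'   # service name taken from the post
$svc = Get-Service -Name $svcName -ErrorAction SilentlyContinue
if ($svc) {
    Invoke-Step "Stopping and disabling service $svcName" {
        if ($svc.Status -ne 'Stopped') { Stop-Service -Name $svcName -Force }
        Set-Service -Name $svcName -StartupType Disabled
    }
    Invoke-Step "Deleting service $svcName" { sc.exe delete $svcName | Out-Null }
} else {
    Write-Host "Service $svcName not present; nothing to remove."
}

# 2. Remove folders the CounterSpy uninstaller may leave behind (paths from the post).
$leftovers = @(
    'C:\Documents and Settings\All Users\Application Data\Sunbelt Software',
    'C:\Program Files\Sunbelt Software'
)
foreach ($dir in $leftovers) {
    if (Test-Path -LiteralPath $dir) {
        Invoke-Step "Removing leftover folder $dir" { Remove-Item -LiteralPath $dir -Recurse -Force }
    }
}

# 3. The O4 HKLM Run entry HijackThis would "fix": delete the named value, not the whole key.
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($valueName in @('SunJavaUpdateSched')) {
    $props = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if ($props -and ($props.PSObject.Properties.Name -contains $valueName)) {
        Invoke-Step "Removing Run value $valueName" { Remove-ItemProperty -Path $runKey -Name $valueName }
    }
}

# 4. The R1 ProxyServer entry lives under HKCU Internet Settings; only the empty ":0" value is removed.
$ieKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$ie = Get-ItemProperty -Path $ieKey -ErrorAction SilentlyContinue
if ($ie -and ($ie.PSObject.Properties.Name -contains 'ProxyServer') -and ($ie.ProxyServer -eq ':0')) {
    Invoke-Step "Removing ProxyServer value ':0'" { Remove-ItemProperty -Path $ieKey -Name 'ProxyServer' }
}

# 5. The two O4 Global Startup shortcuts. Assumption: Windows XP "All Users" Startup folder layout.
$startup = Join-Path $env:ALLUSERSPROFILE 'Start Menu\Programs\Startup'
foreach ($lnk in @('Office Startup.lnk', 'Microsoft Find Fast.lnk')) {
    $path = Join-Path $startup $lnk
    if (Test-Path -LiteralPath $path) {
        Invoke-Step "Removing startup shortcut $path" { Remove-Item -LiteralPath $path -Force }
    }
}
```

Run it once with `-DryRun` to see exactly which of the items actually exist on the machine before anything is changed; each step checks for the service, folder, value or shortcut first, so running it on a box that has already been cleaned is harmless. As with the manual HijackThis procedure, close all browser sessions before removing the Internet Settings value, and reboot afterwards so the disabled service and removed Run entries take effect.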
     
  6. cwtcc55

    cwtcc55 Private E-2

    computer seems to be doing ok. Not really speedy, but plenty fast enough. Thanks very much for your time and help. I attached the two logs you asked for. Let me know if there is anything else I should do.
     

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If speed is what you are looking for, your main problem is the McAfee items you are running. It is a performance killer. You will have to decide whether you like McAfee well enough to live with this.

    But you do have one other minor startup you can have HijackThis fix.
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER


    If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you run Avenger, you can delete all files related to Avenger now.
    7. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    8. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
    9. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
     
