Friday, July 30, 2010

MacAfee is annoying

After malware appeared for the second time this week on my desktop (I probably did a faulty cleaning job the first time) I decided to upgrade my desktop to Windows 7. I loaded on a version of the generic image. Everything migrated over in under 3 hours.
However, IE 8 is very slow to load pages. It takes over a minute to load any page. Firefox loads pages normally. I discovered that something in McAfee is causing this, but I am unable to pinpoint what it is. So I’ve disabled it for now. I did install Microsoft Security Essentials so I am not completely unprotected.

http://www.brighthub.com/computing/windows-platform/articles/44681.aspx

The other thing is that I’ve installed other addons and applications. One of those could be suspect.

Thursday, July 29, 2010

Downloader.CKA

McAfee found a couple of files in my profile\local settings\application data\temp folder that were infected.  It was at 8:15am, before I got into work.  I manually looked for other signs of the virus but did not find any.  I think a reload is in order...

Monday, July 26, 2010

FakeAlert-KW! - Annoying malware

I visited a website that I had been to few times in the past week.  Well this one time I clicked on a link and it installed "Security Tool" on my PC.  Here is info on what I found and how I removed it.

http://www.xp-vista.com/spyware-removal/remove-security-tool-removal-instructions

--
Here's an excerpt:
By Stephen on Dec 10, 2009
A friends computer had this in it and McAfee AntiVirus, but McAfee did not see it as a virus or malicious in any way. In a normal startup it would not allow a McAfee virus scan, nor would it allow task manager to be opened, or even the registry editor.
In order to remove it from the computer:

1) Boot windows into Safe Mode (Tap F8 repeatedly before windows boots to get a list of options, use arow keys to select Safe Mode and press enter).

2) After getting into safe mode find a shortcut to the program, right click and go to properties, in the properties window click on “Open File Location”, take a note of the name of the program for later.

3) Go “up” one level so you are looking at the folder the program is in, right click on the folder and click delete.

4) Search your computer for the name of the program without the .exe (usually a random set of numbers, in my case 26440218).

5) Delete anything matching that string of numbers exactly
6) Open the registry editor by going to run (Start>Run in XP, Start>All Programs>Acessories>Run in Vista) and type regedit.

7) Click Edit>Find and search the registry for the name of the program without the .exe (the string of random numbers), ONLY delete entries specifically matching the name of the program, once an entry is deleted there is no undo.

Search many many times and delete the specific matches to your search until you get the message “Finished searching through the registry.”

9) Close the Registry Editor and restart your computer and let it boot normally and make sure that the program is no longer there. If it is still there follow these steps again until it goes away.

If that still doesn’t work then download one of the removal programs.
--

This malware changes it installation folder often.  Persistence is the key, the instructions are not up to date.

Here's McAfee's take on it.

http://vil.nai.com/vil/content/v_249803.htm

McAfee Virusscan Enterprise 8.7i detects but DOES NOT remove it.  Apparently a quick and fast way to do this is to delete the infected user profile.  Also must remove the Windows hosts file.  In XP, is located in c:\windows\system32\drivers\etc\hosts.  The malware changes the location of google and other websites to its own sites.

Apparently, Microsoft Security Essentials detects and removes it.  Will find out shortly.