ryanjonesv
Former Member
Message 1 of 4

Question about Firewall

I have a huge problem, so I need a quick answer please. Apparently I downloaded a file that injected my PC with a virus, worm, whatever you call it. But it is now connecting to an outside IP which was not there. When I searched it I found out other users who had downloaded this file and also had the same connection ports open. I tried to shut the port down but there are no settings on McAfee Total Protection 2010; the only options are restore default and turn on/off. Also, for some reason the firewall always says it's off if I go in to try to change settings, and the button says turn on. And the Windows 7 firewall is being controlled by McAfee so I can't change those settings either. I need some help guys, please. I don't want to uninstall McAfee just to close that port because I'm scared there is an even bigger risk. Thanks in advance. Hoping to get a response soon.

Windows 7 64 bit

McAfee Total Protection 2010

3 Replies
Peacekeeper
Message 2 of 4

Re: Question about Firewall

BTW, the firewall can block an IP; this is for the 2010 version:

Go to web and email protection > Firewall > Connections and add the IP as blocked.

Of course, with the firewall disabled it is better to clear the virus first.

I think you need to uninstall McAfee ASAP and reinstall. Do this via

http://service.mcafee.com/FAQDocument.aspx?lc=1033&id=TS100507

BUT first follow the steps below.

Step 1: Ensure Windows and McAfee are up to date

Run Windows Update, and also update on your McAfee software. SecurityCenter must be green and show that protection is enabled. If it is red, please post what item shows not protected.

Step 2: Run the FakeAlert Stinger

The most common malware is referred to as FakeAlert. It looks like valid security software.

  1. Please read this and follow all instructions: Important notice if you think you have a virus
  2. Please also read this and follow all instructions: Recognizing and avoiding Rogue Software or FakeAlert Trojans

If you're still having problems, try the following:

Step 3: Run diagnostic scanners

  1. Restart your computer and press F8 repeatedly while booting up. You'll see a boot screen with choices.
  2. Using your cursor keys, select Safe Mode. Your PC will boot in a low resolution state and most processes will not be run.
  3. Go to My Computer (in XP) or Computer (in Vista / 2007).
  4. Right-click the hard drive and select Scan from the drop-down menu. You'll notice an extra taskbar icon. If you hover over it, it will display a progress report.
  5. After the scan completes, make a note of anything it detected.
  6. Run the Stinger you downloaded from the instructions above, but this time set the options to Report Only, and set Artemis to VERY HIGH.  
  7. Post to the community what (if anything) the Safe Mode scan reported, and also paste in the report from Artemis.

Step 4: Submit a sample to McAfee Labs

If you know which file is infected, please upload it using any of the methods described here: How to submit a sample to McAfee Labs.

There is always a gap in protection between when a new threat hits the Internet and when a security vendor such as McAfee becomes aware of the threat and combats it. McAfee uses Artemis technology to narrow that gap, but if we miss something, we must receive a sample of it. It could be a new variant that hasn't been discovered yet. If we have a DAT for it, the automated system will send you that DAT. If we don't yet, your sample will be assigned to a McAfee Labs Engineer for investigation.

Step 5: Remove the Virus:

Self Virus Removal

McAfee provides many free tools to assist you. In addition to our Virus Information Library: http://vil.nai.com/vil/default.aspx, where you can find information on thousands of viruses and malware, you can download diagnostic tools here: http://vil.nai.com/vil/averttools.aspx.

There are also many freely available tools on the Internet. McAfee urges caution in their use and assumes no liability for them.

Two of the most commonly downloaded tools are:

http://www.malwarebytes.org/mbam.php (This can also be downloaded and run from Safe Mode with Networking Support)

http://www.superantispyware.com/superantispywarefreevspro.html

Be sure to use the free versions.

IMPORTANT: Neither of these tools is intended for use as a full protection virus scanner. They are best used for specific times when new malware, or a new malware variant, has released and conventional methods of removal have not worked.

McAfee Assisted Virus Removal

McAfee provides a fee-based Virus Removal Service which can be accessed here:

http://service.mcafee.com/SpecializedServiceHome.aspx?lc=1033&sg=VR

If no virus is detected, the fee will be refunded to you.

Community Support

Our volunteer and employee moderators are happy to assist you within our best efforts here in the community. Please perform the initial steps 1-3 above and post the reports they generate in your initial thread. That way hopefully, we can get right to the troubleshooting.

Message was edited by: Peacekeeper on 21/03/10 8:27:59 PM
ryanjonesv
Former Member
Message 3 of 4

Re: Question about Firewall

I did just about everything you told me. The thing is, this coder is some real pro or something. I've done a scan with three scanners, McAfee, Kaspersky and VirusTotal, and it came out false positive. I have no clue what to do anymore; I'm no coder or anything, so I don't know how to fix this. I do know how it works because I saw a post in another blog from people who got the same virus from the same place, but apparently this guy changes his methods frequently because different people have different connections to different ports in different ways. So I'm just completely lost. According to a person, the proof that it is a virus is that it writes itself into the following directories:
%APPFOLDER% (c:/programm files) under the name ffqsdff and under the name Cerebrus or other names to which he changes frequently

Both folders are hidden.
The explorer.exe gets code injected.
As soon as your explorer runs, your system establishes the connection to the IP address!!

And no, the IP address is not an auth server, because as soon as you turn on your PC, the explorer.exe establishes the connection to the IP.

I'm not sure if it's a worm or what, but I need to know how I can get rid of this or block the port from access. If McAfee has some options or programs specifically for this,

or is this my problem now? Should I submit the file for inspection? Will McAfee clean it once it is aware of it? I'm just lost, I need some help, anything will be appreciated. Huge thanks in advance.

Peacekeeper
Message 4 of 4

Re: Question about Firewall

Submit the file ASAP; the submission path is here. If they say nothing there, reply asking for deeper manual inspection and say why.

I showed how to IP block, and port blocking can be done in a router, and system ports blocked by:

Block access to an existing system service port

You can close an existing port when you want to block remote network access for a system service on your PC.

Task
  1. Open the Firewall settings page.
  2. Click Ports and System Services.
  3. From the list of system services, clear the checkbox next to the port that you want to close.
  4. Click Save.


Unsure if this helps
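
Before blocking an IP or port as discussed in this thread, it helps to confirm which process actually owns the connection. The following is an added example, not part of the original posts: it parses `netstat -ano` output and reports the PIDs talking to a watched remote address. The sample output, addresses, ports and PIDs are constructed.

```python
import re
from collections import defaultdict

# Constructed sample of `netstat -ano` output (all values are invented).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       712
  TCP    192.168.1.10:49201     203.0.113.45:8081      ESTABLISHED     1844
  TCP    192.168.1.10:49202     198.51.100.7:443       ESTABLISHED     2960
  TCP    192.168.1.10:49210     203.0.113.45:8081      SYN_SENT        1844
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5355           *:*                                    1120
"""

# TCP rows carry five columns; UDP rows have no state and are skipped.
ROW = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")

def split_endpoint(endpoint):
    """Split 'host:port' or '[v6]:port' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)

def parse_netstat(text):
    """Return one dict per TCP row of `netstat -ano` output."""
    conns = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        local, remote, state, pid = m.groups()
        rhost, rport = split_endpoint(remote)
        conns.append({"local": local, "remote_ip": rhost,
                      "remote_port": rport, "state": state, "pid": int(pid)})
    return conns

def outbound_to(conns, watched_ip):
    """Map each PID connected (or connecting) to watched_ip to its remote ports."""
    hits = defaultdict(set)
    for c in conns:
        if c["remote_ip"] == watched_ip and c["state"] != "LISTENING":
            hits[c["pid"]].add(c["remote_port"])
    return dict(hits)

if __name__ == "__main__":
    for pid, ports in outbound_to(parse_netstat(SAMPLE), "203.0.113.45").items():
        print(f"PID {pid} -> 203.0.113.45 ports {sorted(ports)}")
```

A reported PID can be mapped to its process name with `tasklist /FI "PID eq <pid>"`, which shows whether the connection really belongs to explorer.exe.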
