I have a huge problem so i need a quick answer please. Apperantly i downloaded a file that injected my pc with a virus worm whatever you call it. But it is now connecting to and outside i.p. which was not there. When i searched it i found out other users who had downloaded this file and also had the same conection ports open. I tired to shut the port down but there is no settings on Mcafee total protection 2010 only options are restore default and turn on-off. Also for some reason the firewall always says its off i i go in to try to change settings and the button says turn on. And the windows 7 firewall is being controlled by Mcafee so i cant change those setting either. I need some help guys please. I dont want to uninstall Mcafee just to close that port because im scared there is even a bigger risk. THanks in advance. Hoping to get a responce soon.
Windows 7 64 bit
Mcafee Total Protection 2010
BTW the firewall can block an IP this for 2010 version
Go to web and email protection
Firewall
Connections and add the ip as blocked.
Of course with the firewall disabled better to clear virus first.
I think you need to uninstall Mcafee asap and reinstall. Do this via
http://service.mcafee.com/FAQDocument.aspx?lc=1033&id=TS100507
BUT First follow the below steps
Step 1: Ensure Windows and McAfee are up to date
Run Windows Update, and also update on your McAfee software. SecurityCenter must be green and show that protection is enabled. If it is red, please post what item shows not protected.
Step 2: Run the FakeAlert Stinger
The most common malware is referred to as FakeAlert. It looks like valid security software.
If you're still having problems, try, the following:
Step 3: Run diagnostic scanners
Step 4: Submit a sample to McAfee Labs
If you know which file is infected, please upload it using any of the methods described here: How to submit a sample to McAfee Labs.
There is always a gap in protection between when a new threat hits the Internet and a security vendor such as McAfee becomes aware of the threat and and combats it. McAfee uses Artemis technology to narrow that gap, but if we miss something, we must receive a sample of it. It could be a new variant that hasn't been discovered yet. If we have a DAT for it, the automated system will send you that DAT. If we don't yet, your sample will be assigned to a McAfee Labs Engineer for investigation.
Step 5: Remove the Virus:
Self Virus Removal
McAfee provides many free tools to assist you. In addition to our Virus Information Library: http://vil.nai.com/vil/default.aspx, where you can find information on thousands of viruses and malware, you can download diagnostic tools here: http://vil.nai.com/vil/averttools.aspx.
There are also many freely available tools on the Internet. McAfee urges caution in their use and assumes no liability for them.
Two of the most commonly downloaded tools are:
http://www.malwarebytes.org/mbam.php (This can also be downloaded and run from Safe Mode with Networking Support)
http://www.superantispyware.com/superantispywarefreevspro.html
Be sure to use the free versions.
IMPORTANT: Neither of these tools is intended for use as a full protection virus scanner. They are best used for specific times when new malware, or a new malware variant, has released and conventional methods of removal have not worked.
McAfee Assisted Virus Removal
McAfee provides a fee-based Virus Removal Service which can be accessed here:
http://service.mcafee.com/SpecializedServiceHome.aspx?lc=1033&sg=VR
If no virus is detected, the fee will be refunded to you.
Community Support
Our volunteer and employee moderators are happy to assist you within our best efforts here in the community. Please perform the initial steps 1-3 above and post the reports they generate in your initial thread. That way hopefully, we can get right to the troubleshooting.
Message was edited by: Peacekeeper on 21/03/10 8:27:59 PMI did just about everything you told me the thing is the this coder is some real pro or something i've done a scan with three scanners McAfee Kasperky and virustotal and it came out false positive. I have no clue what to do anymore im no coder or anything so i dont know how to fix this. I do know how it works because i saw a post in another blog from people go the same virus from the same place but apperantly this guy changes his methods frewuently because diffirent people have diffirent connection to diffirent ports in diffirent ways. So im just completly lost. Acording to a person the proof that it is a virus is that it writes iteself into the following directorys:
%APPFOLDER% (c:/programm files) under the name ffqsdff and under the name Cerebrus or other names to which he changes frequently
Both folders are hidden.
The explorer.exe gets code injected.
as soon as your explorer runs, your system establishes the connection to the ip-adress!!
and no, the ip-adress is not an auth server. cuz as soon as you turn on your pc, the explorer.exe establishes the connection to the ip.
Im not sure if its a worm or what but i need to know how i can get rid of this or block the port from acces. If Mcafee has some options or programs specificlly for this
or is this my problem now? Should i submit the file for inspection? Will Mcafee clean it once it is aware of it? Im just lost i need some help anything will be appreciated. Huge thanks in advance.
Submit the file asap the submision path is here if they say nothing there reply asking for deeper manual inspection and say why.
I showed how to IP block and port blocking can be done in a router and system ports blocked by
You can close an existing port when you want to block remote network access for a system service on your PC.
1 | Open the Firewall settings page. |
2 | Click Ports and System Services. |
3 | From the list of system services, clear the checkbox next to the port that you want to close. |
4 | Click Save. |
Unsure if this helps
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.
Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership: