Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Have I deleted a virus successfully?

  • 15-02-2013 7:27pm
    #1
    Registered Users Posts: 1,673 ✭✭✭juke


    I managed to download a virus, last night, I think.

    I immediately ran McAfee Security Plan Plus - and it shows this

    Capture_39.png

    I ran a Malwarebytes scan - the log says it 'successfully quarantined & deleted' it. I have also downloaded windows security updates.

    Any McAfee scan since still shows it as a problem - and wants me to buy their software to fix it.

    Any ideas on whether that's just McAfee trying to get me to buy the software, or is there still a risk?

    Thanks.


Comments

  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    do you have the mbam log ?


  • Closed Accounts Posts: 2,696 ✭✭✭mark renton


    juke wrote: »

    Any McAfee scan since still shows it as a problem - and wants me to buy their software to fix it.

    Any ideas on whether that's just McAfee trying to get me to buy the software, or is there still a risk?

    Thanks.
    mcafee scan will always show it until you buy it - if you were to remove windows, extract the ram and format the hdd with domestos, mcafee would still show the virus until you buy it

    anti virus is big business and all the leading players are not shy of stretching the ethical boundaries


  • Registered Users Posts: 1,673 ✭✭✭juke


    Here's the log:
    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org
    
    Database version: v2013.02.14.08
    
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    *name* :: *name*-PC [administrator]
    
    14/02/2013 21:33:17
    mbam-log-2013-02-14 (21-33-17).txt
    
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled: 
    Objects scanned: 216268
    Time elapsed: 3 minute(s), 42 second(s)
    
    Memory Processes Detected: 0
    (No malicious items detected)
    
    Memory Modules Detected: 0
    (No malicious items detected)
    
    Registry Keys Detected: 11
    HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Quarantined and deleted successfully.
    HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> Quarantined and deleted successfully.
    HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> Quarantined and deleted successfully.
    HKCR\Updater.AmiUpd (PUP.Software.Updater) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} (PUP.Adware.Magnipic) -> Quarantined and deleted successfully.
    HKCR\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} (PUP.Adware.Magnipic) -> Quarantined and deleted successfully.
    HKCR\CLSID\{AFD1015A-034B-7D31-8110-EDE428079638} (PUP.Adware.Magnipic) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFD1015A-034B-7D31-8110-EDE428079638} (PUP.Adware.Magnipic) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EB03EF39-C655-D560-FA95-79182B837D64} (PUP.Adware.Magnipic) -> Quarantined and deleted successfully.
    
    Registry Values Detected: 0
    (No malicious items detected)
    
    Registry Data Items Detected: 1
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://searchab.com/?aff=7&uid=e5920691-f06b-11e1-be94-1c75089efbbd) Good: (http://www.google.com) -> Quarantined and repaired successfully.
    
    Folders Detected: 1
    C:\ProgramData\MagniPic (PUP.Adware.Magnipic) -> Quarantined and deleted successfully.
    
    Files Detected: 9
    C:\Users\*name*\AppData\Local\SwvUpdater\Updater.exe (PUP.Software.Updater) -> Quarantined and deleted successfully.
    C:\Users\*name*\AppData\Local\Temp\nsr8F74.tmp\setup_magnipic.exe (PUP.Offerware) -> Quarantined and deleted successfully.
    C:\Users\*name*\Local Settings\Temporary Internet Files\Content.IE5\DH87M84O\pvtzd_agent_setup[1].exe (PUP.Offerware) -> Quarantined and deleted successfully.
    C:\Users\*name*\Local Settings\Temporary Internet Files\Content.IE5\LQC179BT\uninstaller[1].exe (PUP.Offerware) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Quarantined and deleted successfully.
    C:\ProgramData\MagniPic\511d4f5e4abc3.tlb (PUP.Adware.Magnipic) -> Quarantined and deleted successfully.
    C:\ProgramData\MagniPic\511d4f5e4abc3.dll (PUP.Adware.Magnipic) -> Quarantined and deleted successfully.
    C:\ProgramData\MagniPic\settings.ini (PUP.Adware.Magnipic) -> Quarantined and deleted successfully.
    C:\ProgramData\MagniPic\uninstall.exe (PUP.Adware.Magnipic) -> Quarantined and deleted successfully.
    
    (end)
    


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    I wouldn't worry about it, magnipic is just unwanted software, not malware. MBAM did delete its folder so am not sure why mcafee is flagging it.

    Folders Detected: 1
    C:\ProgramData\MagniPic (PUP.Adware.Magnipic) -> Quarantined and deleted successfully.


  • Registered Users Posts: 1,673 ✭✭✭juke


    mcafee scan will always show it until you buy it - if you were to remove windows, extract the ram and format the hdd with domestos, mcafee would still show the virus until you buy it

    anti virus is big business and all the leading players are not shy of stretching the ethical boundaries
    ASJ112 wrote: »
    I wouldn't worry about it, magnipic is just unwanted software, not malware. MBAM did delete its folder so am not sure why mcafee is flagging it.

    Cheers. All it "seemed" to do was play with my chrome settings - it reloaded already opened tabs, and changed the new tab page.

    I was a bit wary because the first Malware full system scan, after that log, crashed, and the next took ages.


  • Advertisement


  • Any of the bigger antivirus venders love flagging things that would be otherwise considered 'rubbishware' or software that comes bundled with something else that you probably didn't ask for in the first place.

    McAfee is a perfect example of rubbishware ;)

    It's not an infection.....


  • Registered Users Posts: 1,673 ✭✭✭juke


    Another question:

    Since Friday the https function on Chrome on gmail & facebook, and possibly other sites isn't working properly.

    I keep getting this:

    Capture_41.png

    Is this likely to be connected, or is it a whole different problem?




  • Looks like Chrome has changed it's verification feature.

    Sounds like useless information because they're not telling you whats insecure.
    Do you have any plugins installed on Gmail? I bet it's a third-party plugin that's unsecured...

    Actually what it sounds like they're talking about is a DNS Spoofing Attack, say if you look up gmail.google.com if somebody diverts your lookup to their computer first they could display what looks like a gmail login page and when you enter your information it logs the details and passes you on to the original site....

    But it really is useless information, it's like you telling me your car is running ok and I walk up, kick the Tyre and say "yeah it's not very reliable though" and just walk away.... Doesn't help you in any way


  • Registered Users Posts: 1,673 ✭✭✭juke


    This seems to only be happening on my home pc since I downloaded the magnipic software - it's not happening on my work pc.

    I'm using the same bookmarks as before.

    Only extensions/plug in's I use are adblock, norton id protect, mcafee site advisor, facebook disconnect




  • Do me a favor, can you check what processes are running on your machine. Can you see anything called 'magnipic'?


  • Advertisement
  • Registered Users Posts: 1,673 ✭✭✭juke


    No - none with that in the name




  • Ok it's just something on the page you're viewing that's not secure, could be a number of things such as a picure, video, javascript content....

    clear your cache be going to Menu>Tools>Clear browsing data

    Next time it pops up right click on the page and select 'view page info' you should have a tab called media and check if any of the referred links begin with 'http'. If you see any please let me know what the link is (youtube for example)


  • Registered Users Posts: 1,673 ✭✭✭juke


    Problem solved - it was mcafee site advisor causing it. Since I've diablsed it, no more problems.

    Thanks Randall Beautiful Refrigeration!




  • good stuff, glad you got it sorted :)


Advertisement