15-02-2013, 19:27   #1
juke
Registered User
 
 
Join Date: Aug 2007
Location: In my special place
Posts: 1,108
Have I deleted a virus successfully?

I managed to download a virus, last night, I think.

I immediately ran McAfee Security Plan Plus - and it shows this



I ran a Malwarebytes scan - the log says it 'successfully quarantined & deleted' it. I have also downloaded windows security updates.

Any McAfee scan since still shows it as a problem - and wants me to buy their software to fix it.

Any ideas on whether that's just McAfee trying to get me to buy the software, or is there still a risk?

Thanks.
15-02-2013, 23:34   #2
ASJ112
Banned
 
Join Date: Jan 2010
Posts: 1,155
Do you have the MBAM log?
15-02-2013, 23:40   #3
mark renton
Closed Account
 
Join Date: Feb 2008
Posts: 2,652
Quote:
Originally Posted by juke View Post

Any McAfee scan since still shows it as a problem - and wants me to buy their software to fix it.

Any ideas on whether that's just McAfee trying to get me to buy the software, or is there still a risk?

Thanks.

mcafee scan will always show it until you buy it - if you were to remove windows, extract the ram and format the hdd with domestos, mcafee would still show the virus until you buy it

anti virus is big business and all the leading players are not shy of stretching the ethical boundaries
16-02-2013, 10:21   #4
juke
Registered User
 
 
Join Date: Aug 2007
Location: In my special place
Posts: 1,108
Here's the log:

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.14.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
*name* :: *name*-PC [administrator]

14/02/2013 21:33:17
mbam-log-2013-02-14 (21-33-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 216268
Time elapsed: 3 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 11
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Updater.AmiUpd (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} (PUP.Adware.Magnipic) -> Quarantined and deleted successfully.
HKCR\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} (PUP.Adware.Magnipic) -> Quarantined and deleted successfully.
HKCR\CLSID\{AFD1015A-034B-7D31-8110-EDE428079638} (PUP.Adware.Magnipic) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFD1015A-034B-7D31-8110-EDE428079638} (PUP.Adware.Magnipic) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EB03EF39-C655-D560-FA95-79182B837D64} (PUP.Adware.Magnipic) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://searchab.com/?aff=7&uid=e5920691-f06b-11e1-be94-1c75089efbbd) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 1
C:\ProgramData\MagniPic (PUP.Adware.Magnipic) -> Quarantined and deleted successfully.

Files Detected: 9
C:\Users\*name*\AppData\Local\SwvUpdater\Updater.exe (PUP.Software.Updater) -> Quarantined and deleted successfully.
C:\Users\*name*\AppData\Local\Temp\nsr8F74.tmp\setup_magnipic.exe (PUP.Offerware) -> Quarantined and deleted successfully.
C:\Users\*name*\Local Settings\Temporary Internet Files\Content.IE5\DH87M84O\pvtzd_agent_setup[1].exe (PUP.Offerware) -> Quarantined and deleted successfully.
C:\Users\*name*\Local Settings\Temporary Internet Files\Content.IE5\LQC179BT\uninstaller[1].exe (PUP.Offerware) -> Quarantined and deleted successfully.
C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Quarantined and deleted successfully.
C:\ProgramData\MagniPic\511d4f5e4abc3.tlb (PUP.Adware.Magnipic) -> Quarantined and deleted successfully.
C:\ProgramData\MagniPic\511d4f5e4abc3.dll (PUP.Adware.Magnipic) -> Quarantined and deleted successfully.
C:\ProgramData\MagniPic\settings.ini (PUP.Adware.Magnipic) -> Quarantined and deleted successfully.
C:\ProgramData\MagniPic\uninstall.exe (PUP.Adware.Magnipic) -> Quarantined and deleted successfully.

(end)
16-02-2013, 10:41   #5
ASJ112
Banned
 
Join Date: Jan 2010
Posts: 1,155
I wouldn't worry about it, magnipic is just unwanted software, not malware. MBAM did delete its folder so am not sure why mcafee is flagging it.

Folders Detected: 1
C:\ProgramData\MagniPic (PUP.Adware.Magnipic) -> Quarantined and deleted successfully.
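One way to check a Malwarebytes log like the one in post #4 for the two things post #5 looks at, the detection class and whether each item was removed. This is an added example, not part of the original thread; the sample reuses four lines from that log plus one constructed line (`Trojan.Example`, "No action taken") so the unresolved case is visible, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: four item lines copied from the log in post #4, plus one
# invented line (Trojan.Example, "No action taken") to show an unresolved result.
SAMPLE_LOG = r"""
Registry Keys Detected: 1
HKCR\Updater.AmiUpd (PUP.Software.Updater) -> Quarantined and deleted successfully.
Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://searchab.com/?aff=7&uid=e5920691-f06b-11e1-be94-1c75089efbbd) Good: (http://www.google.com) -> Quarantined and repaired successfully.
Folders Detected: 1
C:\ProgramData\MagniPic (PUP.Adware.Magnipic) -> Quarantined and deleted successfully.
Files Detected: 2
C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Quarantined and deleted successfully.
C:\Users\example\AppData\Local\Temp\constructed.exe (Trojan.Example) -> No action taken.
"""

# "<object> (<Detection.Name>) -> <result>"; section headers have no " -> ".
ITEM = re.compile(r"^(?P<obj>.+?) \((?P<name>[A-Za-z0-9.]+)\) -> (?P<rest>.+)$")

def parse_items(log_text):
    """Return (object, detection_name, final_action) for every item line."""
    items = []
    for line in log_text.splitlines():
        m = ITEM.match(line.strip())
        if m:
            # Repaired values carry "Bad: ... Good: ... -> <action>"; keep the last part.
            action = m["rest"].rsplit(" -> ", 1)[-1].rstrip(".")
            items.append((m["obj"], m["name"], action))
    return items

def triage(items):
    """Count detection classes; list non-PUP items and items not removed."""
    by_class = Counter(name.split(".")[0] for _, name, _ in items)
    non_pup = [(obj, name) for obj, name, _ in items if not name.startswith("PUP.")]
    unresolved = [it for it in items if not it[2].endswith("successfully")]
    return by_class, non_pup, unresolved

if __name__ == "__main__":
    by_class, non_pup, unresolved = triage(parse_items(SAMPLE_LOG))
    print("classes:", dict(by_class))
    for obj, name in non_pup:
        print("not a PUP label:", name, "|", obj)
    for obj, name, action in unresolved:
        print("needs follow-up:", name, "|", action, "|", obj)
```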
16-02-2013, 10:58   #6
juke
Registered User
 
 
Join Date: Aug 2007
Location: In my special place
Posts: 1,108
Quote:
Originally Posted by mark renton View Post
mcafee scan will always show it until you buy it - if you were to remove windows, extract the ram and format the hdd with domestos, mcafee would still show the virus until you buy it

anti virus is big business and all the leading players are not shy of stretching the ethical boundaries

Quote:
Originally Posted by ASJ112 View Post
I wouldn't worry about it, magnipic is just unwanted software, not malware. MBAM did delete its folder so am not sure why mcafee is flagging it.

Cheers. All it "seemed" to do was play with my chrome settings - it reloaded already opened tabs, and changed the new tab page.

I was a bit wary because the first Malware full system scan, after that log, crashed, and the next took ages.
17-02-2013, 19:27   #7
ni@ll
Registered User
 
Join Date: Jun 2008
Posts: 185
Any of the bigger antivirus vendors love flagging things that would be otherwise considered 'rubbishware' or software that comes bundled with something else that you probably didn't ask for in the first place.

McAfee is a perfect example of rubbishware

It's not an infection.....
18-02-2013, 11:55   #8
juke
Registered User
 
 
Join Date: Aug 2007
Location: In my special place
Posts: 1,108
Another question:

Since Friday the https function on Chrome on gmail & facebook, and possibly other sites isn't working properly.

I keep getting this:



Is this likely to be connected, or is it a whole different problem?
18-02-2013, 12:43   #9
ni@ll
Registered User
 
Join Date: Jun 2008
Posts: 185
Looks like Chrome has changed its verification feature.

Sounds like useless information because they're not telling you what's insecure.
Do you have any plugins installed on Gmail? I bet it's a third-party plugin that's unsecured...

Actually what it sounds like they're talking about is a DNS Spoofing Attack, say if you look up gmail.google.com if somebody diverts your lookup to their computer first they could display what looks like a gmail login page and when you enter your information it logs the details and passes you on to the original site....

But it really is useless information, it's like you telling me your car is running ok and I walk up, kick the tyre and say "yeah it's not very reliable though" and just walk away.... Doesn't help you in any way
18-02-2013, 14:10   #10
juke
Registered User
 
 
Join Date: Aug 2007
Location: In my special place
Posts: 1,108
This seems to only be happening on my home pc since I downloaded the magnipic software - it's not happening on my work pc.

I'm using the same bookmarks as before.

Only extensions/plug-ins I use are adblock, norton id protect, mcafee site advisor, facebook disconnect
18-02-2013, 14:28   #11
ni@ll
Registered User
 
Join Date: Jun 2008
Posts: 185
Do me a favor, can you check what processes are running on your machine. Can you see anything called 'magnipic'?
18-02-2013, 14:44   #12
juke
Registered User
 
 
Join Date: Aug 2007
Location: In my special place
Posts: 1,108
No - none with that in the name
18-02-2013, 16:08   #13
ni@ll
Registered User
 
Join Date: Jun 2008
Posts: 185
Ok it's just something on the page you're viewing that's not secure, could be a number of things such as a picture, video, javascript content....

Clear your cache by going to Menu>Tools>Clear browsing data

Next time it pops up right click on the page and select 'view page info' you should have a tab called media and check if any of the referred links begin with 'http'. If you see any please let me know what the link is (youtube for example)
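The check described in post #13, looking for sub-resources on an HTTPS page whose links begin with `http`, can also be done over saved page source. This is an added example, not part of the original thread; the sample page and its `example.test` hosts are constructed, and the function and class names are hypothetical.

```python
from html.parser import HTMLParser

# Tag -> attribute that makes the browser fetch a sub-resource for the page.
SUBRESOURCE_ATTRS = {
    "img": "src", "script": "src", "iframe": "src", "video": "src",
    "audio": "src", "source": "src", "embed": "src", "object": "data",
    "link": "href",
}

class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.insecure = []  # (tag, url) pairs loaded over plain http

    def handle_starttag(self, tag, attrs):
        attr = SUBRESOURCE_ATTRS.get(tag)
        if attr is None:
            return  # e.g. <a href>: a navigation link, not a sub-resource
        attrs = dict(attrs)
        if tag == "link":
            # Only stylesheet/icon links are fetched; canonical etc. are not.
            rel = (attrs.get("rel") or "").lower().split()
            if not {"stylesheet", "icon"} & set(rel):
                return
        url = (attrs.get(attr) or "").strip()
        # Scheme match is case-insensitive; "//host/..." inherits https.
        if url.lower().startswith("http://"):
            self.insecure.append((tag, url))

def find_mixed_content(html_text):
    finder = MixedContentFinder()
    finder.feed(html_text)
    return finder.insecure

# Constructed sample standing in for the source of a page served over https.
SAMPLE_PAGE = """
<html><head>
<link rel="stylesheet" href="https://static.example.test/site.css">
<link rel="canonical" href="http://www.example.test/inbox">
<script src="http://cdn.example.test/widget.js"></script>
</head><body>
<img src="//img.example.test/logo.png">
<img src="HTTP://img.example.test/banner.gif">
<a href="http://www.example.test/help">Help</a>
<iframe src="https://video.example.test/embed/1"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for tag, url in find_mixed_content(SAMPLE_PAGE):
        print(f"insecure <{tag}>: {url}")
```

This inspects only the HTML as served; resources added afterwards by scripts or browser extensions do not appear in it.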
18-02-2013, 19:39   #14
juke
Registered User
 
 
Join Date: Aug 2007
Location: In my special place
Posts: 1,108
Problem solved - it was mcafee site advisor causing it. Since I've disabled it, no more problems.

Thanks ni@ll!
18-02-2013, 20:07   #15
ni@ll
Registered User
 
Join Date: Jun 2008
Posts: 185
good stuff, glad you got it sorted