[juke]

I managed to download a virus, last night, I think.

I immediately ran McAfee Security Plan Plus - and it shows this



I ran a Malwarebytes scan - the log says it 'successfully quarantined & deleted' it. I have also downloaded windows security updates.

Any McAfee scan since still shows it as a problem - and wants me to buy their software to fix it.

Any ideas on whether that's just McAfee trying to get me to buy the software, or is there still a risk?

Thanks.

[ASJ112]

do you have the mbam log ?

[mark renton]

Quote:

Originally Posted by juke

Any McAfee scan since still shows it as a problem - and wants me to buy their software to fix it.

Any ideas on whether that's just McAfee trying to get me to buy the software, or is there still a risk?

Thanks.

mcafee scan will always show it until you buy it - if you were to remove windows, extract the ram and format the hdd with domestos, mcafee would still show the virus until you buy it

anti virus is big business and all the leading players are not shy of stretching the ethical boundaries

[juke]

Here's the log:

Code:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.14.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
*name* :: *name*-PC [administrator]

14/02/2013 21:33:17
mbam-log-2013-02-14 (21-33-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 216268
Time elapsed: 3 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 11
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Updater.AmiUpd (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} (PUP.Adware.Magnipic) -> Quarantined and deleted successfully.
HKCR\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} (PUP.Adware.Magnipic) -> Quarantined and deleted successfully.
HKCR\CLSID\{AFD1015A-034B-7D31-8110-EDE428079638} (PUP.Adware.Magnipic) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFD1015A-034B-7D31-8110-EDE428079638} (PUP.Adware.Magnipic) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EB03EF39-C655-D560-FA95-79182B837D64} (PUP.Adware.Magnipic) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://searchab.com/?aff=7&uid=e5920691-f06b-11e1-be94-1c75089efbbd) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 1
C:\ProgramData\MagniPic (PUP.Adware.Magnipic) -> Quarantined and deleted successfully.

Files Detected: 9
C:\Users\*name*\AppData\Local\SwvUpdater\Updater.exe (PUP.Software.Updater) -> Quarantined and deleted successfully.
C:\Users\*name*\AppData\Local\Temp\nsr8F74.tmp\setup_magnipic.exe (PUP.Offerware) -> Quarantined and deleted successfully.
C:\Users\*name*\Local Settings\Temporary Internet Files\Content.IE5\DH87M84O\pvtzd_agent_setup[1].exe (PUP.Offerware) -> Quarantined and deleted successfully.
C:\Users\*name*\Local Settings\Temporary Internet Files\Content.IE5\LQC179BT\uninstaller[1].exe (PUP.Offerware) -> Quarantined and deleted successfully.
C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Quarantined and deleted successfully.
C:\ProgramData\MagniPic\511d4f5e4abc3.tlb (PUP.Adware.Magnipic) -> Quarantined and deleted successfully.
C:\ProgramData\MagniPic\511d4f5e4abc3.dll (PUP.Adware.Magnipic) -> Quarantined and deleted successfully.
C:\ProgramData\MagniPic\settings.ini (PUP.Adware.Magnipic) -> Quarantined and deleted successfully.
C:\ProgramData\MagniPic\uninstall.exe (PUP.Adware.Magnipic) -> Quarantined and deleted successfully.

(end)

[ASJ112]

I wouldn't worry about it, magnipic is just unwanted software, not malware. MBAM did delete its folder so am not sure why mcafee is flagging it.

Folders Detected: 1
C:\ProgramData\MagniPic (PUP.Adware.Magnipic) -> Quarantined and deleted successfully.

[juke]

Quote:

Originally Posted by mark renton

mcafee scan will always show it until you buy it - if you were to remove windows, extract the ram and format the hdd with domestos, mcafee would still show the virus until you buy it

anti virus is big business and all the leading players are not shy of stretching the ethical boundaries

Quote:

Originally Posted by ASJ112

I wouldn't worry about it, magnipic is just unwanted software, not malware. MBAM did delete its folder so am not sure why mcafee is flagging it.

Cheers. All it "seemed" to do was play with my chrome settings - it reloaded already opened tabs, and changed the new tab page.

I was a bit wary because the first Malware full system scan, after that log, crashed, and the next took ages.

[ni@ll]

Any of the bigger antivirus venders love flagging things that would be otherwise considered 'rubbishware' or software that comes bundled with something else that you probably didn't ask for in the first place.

McAfee is a perfect example of rubbishware

It's not an infection.....

[juke]

Another question:

Since Friday the https function on Chrome on gmail & facebook, and possibly other sites isn't working properly.

I keep getting this:



Is this likely to be connected, or is it a whole different problem?

[ni@ll]

Looks like Chrome has changed it's verification feature.

Sounds like useless information because they're not telling you whats insecure.
Do you have any plugins installed on Gmail? I bet it's a third-party plugin that's unsecured...

Actually what it sounds like they're talking about is a DNS Spoofing Attack, say if you look up gmail.google.com if somebody diverts your lookup to their computer first they could display what looks like a gmail login page and when you enter your information it logs the details and passes you on to the original site....

But it really is useless information, it's like you telling me your car is running ok and I walk up, kick the Tyre and say "yeah it's not very reliable though" and just walk away.... Doesn't help you in any way

[juke]

This seems to only be happening on my home pc since I downloaded the magnipic software - it's not happening on my work pc.

I'm using the same bookmarks as before.

Only extensions/plug in's I use are adblock, norton id protect, mcafee site advisor, facebook disconnect

[ni@ll]

Do me a favor, can you check what processes are running on your machine. Can you see anything called 'magnipic'?

[juke]

No - none with that in the name

[ni@ll]

Ok it's just something on the page you're viewing that's not secure, could be a number of things such as a picure, video, javascript content....

clear your cache be going to Menu>Tools>Clear browsing data

Next time it pops up right click on the page and select 'view page info' you should have a tab called media and check if any of the referred links begin with 'http'. If you see any please let me know what the link is (youtube for example)

[juke]

Problem solved - it was mcafee site advisor causing it. Since I've diablsed it, no more problems.

Thanks ni@ll!

[ni@ll]

good stuff, glad you got it sorted