Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
McAfee antivirus being automatically disabled
- Thread starter ruster
- Start date
THis may be a failing point on a less than up-to-date scan engine. The current engine is V8.
You might give McAfee AVERT Stinger a try. It incorporates (and showcases) their latest scan engine technology to detect and remove 40 specific viruses;
[NOTE: There are other specialized tools also available as well: ]
Otherwise try and get a second opinion from an online virus scanner such as 'Housecall':
Make sure that you disable your current antivirus when running an alternate AV tool.
You might give McAfee AVERT Stinger a try. It incorporates (and showcases) their latest scan engine technology to detect and remove 40 specific viruses;
[NOTE: There are other specialized tools also available as well: ]
Otherwise try and get a second opinion from an online virus scanner such as 'Housecall':
Make sure that you disable your current antivirus when running an alternate AV tool.
- Thread starter
- #3
I have tried stinger with no avail. As well, the client has an alternate site with the same issue, with McAfee 7.x Virusscan. Same thing, the virusscan does not detect the existance of a virus. I will try housecall and see how it goes. Could this be a trojan of sort. There seems to be a correlation with internet explorer. If I activate the McAfee virusscan, and run internet explorer, accessing a web page causes the virusscan to disable.
Any good (free) trojan detection tools you recommend.
Ruster
Any good (free) trojan detection tools you recommend.
Ruster
Sorry, can't suggest any other detection tools, but have you tried using the command line scanner from the VirusScan engine? It is SCAN.EXE, probably in the Program Files\Common Files\Network Associates\Engine\ folder. SCAN /? will show the cmdline options.
This should use the full DAT files currently installed on the PC (I think Stinger uses its own). Also, as it doesn't rely on the Mcshield service to do the work, it might not be affected by whatever has been killing your scanner up to now.
Have you been able to update to the latest DATs and engine? If not, you could try getting a copy of the latest superdat and running it on the machine.
This should use the full DAT files currently installed on the PC (I think Stinger uses its own). Also, as it doesn't rely on the Mcshield service to do the work, it might not be affected by whatever has been killing your scanner up to now.
Have you been able to update to the latest DATs and engine? If not, you could try getting a copy of the latest superdat and running it on the machine.
- Thread starter
- #5
Try the following trojan software review. They recommend 6 out of 42 identified candidates. This review has been around over a year and was updated in May 2004.
Most have a 30 day trail period:
In case you have a rogue EXE or DLL runnning, I would also suggest running 'Process Explorer' (and/or 'Hijackthis').
Sort on 'company name'. This and the 'description' column is particularly more helpful than 'TaskManager' content.
Most have a 30 day trail period:
In case you have a rogue EXE or DLL runnning, I would also suggest running 'Process Explorer' (and/or 'Hijackthis').
Sort on 'company name'. This and the 'description' column is particularly more helpful than 'TaskManager' content.
I ran into a similar issue with one of the share jumping viruses at one of our branch locations about a year ago. I was able to get through it by renaming the scan.exe file to myname.exe and running it with the /all and /adf switches in command mode.
Something that you didn't mention, so I have to ask. You say the machine is running 4.5.1. Is SP1 also installed? If not, McAfee will not catch many of the more modern bugs.
"The Crystal Wind is the storm, and the storm is data, and the data is life. You have been slaves, denied the storm, denied the freedom of your data. That is now ended; the whirlwind is upon you . . . . . . Whether you like it or not."
"Trent the Uncatchable" in The Long Run by Daniel Keys Moran
Something that you didn't mention, so I have to ask. You say the machine is running 4.5.1. Is SP1 also installed? If not, McAfee will not catch many of the more modern bugs.
"The Crystal Wind is the storm, and the storm is data, and the data is life. You have been slaves, denied the storm, denied the freedom of your data. That is now ended; the whirlwind is upon you . . . . . . Whether you like it or not."
"Trent the Uncatchable" in The Long Run by Daniel Keys Moran
Try this link and see if it helps.
Sysclean from trend micro picks up a lot of stuff, i have found stinger to be a bit pants personally but sysclean will pick up a lot more - you can download it here - you'll also need the latest pattern file
Check your processes and see if there's a winmon.exe running on the computer. Usually it attacks W2k and XP computers along with their server equivalent. This one apparently is also showing up on some Windows 98 computers.
This showed up in China over the weekend. It wasn't being detected as adware or a virus. I sent a sample to McAfee and they came back with an extra.dat this morning. It's a new varient of W32/GAOBOT.WORM.GEN. It shuts down virus processes if it get's there before the dat file does.
Odd thing is the 98 computers, normally it's computers that haven't been patched for MS03-001, MS03-026, and MS03-007 that get it.
This showed up in China over the weekend. It wasn't being detected as adware or a virus. I sent a sample to McAfee and they came back with an extra.dat this morning. It's a new varient of W32/GAOBOT.WORM.GEN. It shuts down virus processes if it get's there before the dat file does.
Odd thing is the 98 computers, normally it's computers that haven't been patched for MS03-001, MS03-026, and MS03-007 that get it.
- Status