# Trojan / Spyware / McAfee



## SkippyOD (16 Jan 2007)

I got infected last night while I was in the process of downloading material (lesson learnt, honesty is the best policy!!!).
Anyway I've read through the numerous posts on spyware, viruses, etc and the software available to remove / protect and hope to be able to sort it out when I get home this evening. 
Last night however I went onto the McAfee help site, have a 3yr McAfee subscription bought from Dell with laptop, and was able to have an online chat with one of their tech guys. Anyay he advised me to unselect system restore, reboot the computer in safe mode, and run the virus scan again. This time it searched around 50000 files rather than the normal 5-7000 but found nothing. When I restarted the laptop this morning I still had a pop-up appearing in the bottom right hand corner telling me that I had a worm / trojan horse and that I should click Ok to install some new software. Luckily I didn't and proceed to read up about it all on AAM. 
Why didn;t the McAfee virus scan pick something up and why was I told to remove system restore and reboot in safe mode? 
Should I go ahead and download the software as discussed on various other sites and uninstall McAfee or keep both runnin and just avoid them clashing. Up to now I had no problem with McAfee.
Any help/words of wisdom appreciated as I'm a long long way from home...
Skippy


----------



## polo9n (16 Jan 2007)

some of the McCafee only picked up Virus, but not spyware or Adware.

the icon telling you to install software can also be a bug, as it ask u to install he software..mostly likely be bug. if McAfee found the virus it will either delete/clean/quaranten it.


----------



## Dearg Doom (16 Jan 2007)

Try getting AdAware and Spybot S&D to clean up the problem. The cause of the problem might not be a 'virus' but some other form of malware and maybe that's why McAfee isn't detecting it. You were told to switch off system restore to prevent 'clever' malware from re-installing itself at each boot. You were told to run in safe mode to minimise the number of services running while you were trying to clean up.


----------



## SkippyOD (16 Jan 2007)

So to compliment McAfee its best to have some spyware protection running as well? Also can you get spyware that stop future attacks as well removing the current ones on your pc?


----------



## SkippyOD (16 Jan 2007)

Dearg Doom,
When should I switch back on teh system restore? When I have managed to delete the adware etc?


----------



## polo9n (16 Jan 2007)

try download the super anti-spyware from download.com
its free and does the job well..
along with McAfee anti-virus ur pc should be clean


----------



## ajapale (16 Jan 2007)

In addition to mcafee I use microsoft windows defender.

I use zonealarm firewall and a script stopper in firefox.


----------



## ClubMan (16 Jan 2007)

It can be difficult to clean up a disk after an infection while the infected hard drive remains in the original _PC _as the boot drive. Sometimes it may be necessary to move the drive into another _PC _temporarily as a non boot drive and clean it there taking care not to open/run anything from the infected drive while it's installed in the second _PC_. Or alternatively boot from a separate _CD _(e.g. something like the Ultimate Boot CD) and then clean up from there before rebooting from the hard drive.


----------



## SkippyOD (16 Jan 2007)

Clubman,
When you say 'boot from a separate cd and then clean up from there' do you mean that the cd actually provides the software to scan and delete any crap? How do you run the software you may have downloaded if you are not booting from the main hard drive?


----------



## Satanta (16 Jan 2007)

SkippyOD said:


> So to compliment McAfee its best to have some spyware protection running as well? Also can you get spyware that stop future attacks as well removing the current ones on your pc?


It's not "best to have", it's essential! 

Anti virus software (in general) does not handle spyware/malware (some have started incorporating this in the system but still the exception rather than the rule. It isn't just McAfee that needs this, most Anti Virus software will.

Use some of the suggestions above to run regular scans on your drive (and do keep the updates updated. Anti virus/anti spyware etc. is only as good as the update you have installed. Hackers etc. keep coming up with new ways around the protection so constant updating is vital!).

You can get software to help stop the problem, spyblaster for example. Running something like this, along with a good fire wall, browsing protection software (sandboxie) etc. etc. (check out the AAM tips for a clean PC) will help keep your PC a little safer. No matter how good you think your protection is, you should still always scan just incase.


----------



## ClubMan (16 Jan 2007)

SkippyOD said:


> Clubman,
> When you say 'boot from a separate cd and then clean up from there' do you mean that the cd actually provides the software to scan and delete any crap?


Yes - a _CD _such as the one that I linked to above contains a bootable copy of _Windows _(well you need your original _Windows CDs _to create the image as per the instructions provided) and a bunch of utilities for doing stuff like cleaning viruses etc. 


> How do you run the software you may have downloaded if you are not booting from the main hard drive?


That is precisely what you *don't *want to do in certain cases of infection. The while point is to disable booting/running from your infected hard drive while you clean it up. Otherwise you could just end up running the infected software.


----------



## Dearg Doom (17 Jan 2007)

SkippyOD said:


> When should I switch back on teh system restore? When I have managed to delete the adware etc?



Yes.


----------



## SkippyOD (17 Jan 2007)

I've successfully downloaded and ran spybot and avg. Both programs found and removed spyware on my laptop and my problem seems to have been sorted - many thanks to everyone that contributed to all the posts on the topic.
2 further questions;
Both however found files that the other didn;t. Does that mean that by installing a 3rd I could find more files that these 2 didn't get?
Also, after being infected for the 1st time are you more susceptible to being re-infected? If up to now I had no problems and by avoiding simialar web-sites and running these programs should i be safe?
I realise now that one can never be 100% safe and that previously i was far from that but do these spyware pests have some way of holding onto you're pc's data/ip addresss etc or anything?
Cheers for all the help so far


----------



## ClubMan (17 Jan 2007)

SkippyOD said:


> Both however found files that the other didn;t. Does that mean that by installing a 3rd I could find more files that these 2 didn't get?


Quite possibly - yes. But bear in mind that you should generally (always?) only have a single virus scanner running in background/on demand mode as otherwise they can clash with each other and cause problems.


> Also, after being infected for the 1st time are you more susceptible to being re-infected?


Not if things are cleaned up completely. Unless the initial infection points up some risk factor that is not addressed (e.g. habitually browsing dodgy websites without using something like Sandboxie).


----------



## Satanta (17 Jan 2007)

SkippyOD said:


> Both however found files that the other didn;t. Does that mean that by installing a 3rd I could find more files that these 2 didn't get?


Yes. Each system is only as good as the coding and the definations it's working off. No one system is perfect so having more gives you more chance of catching all the gaps.....
On the flipside, updating/running too many of them will mean you spend ages doing just this. I'd suggest sticking with a couple of the more popular ones suggested frequently (Ad-aware SE, Spybot Search & Destroy, Spyblaster, AVG (free anti virus and spyware tools available).... also a good AV (McAfee should be just fine) with Zonealarm/Kerio/other firewall running with correct settings) and use them often (and always update!!!). 

If you really are concerned you can download additional Spyware/malware software, but at a point the benefits become negligible. Be careful using multiple AV programmes as conflicts can and do occur!, spyware programmes are not so tempremental so won't/shouldn't cause any issues.

I wouldn't worry too much about them holding onto your IP address, they have far more subtle ways of spreading these things than bombarding single users so I'd suggest you're no more likely than you were before to picking one up. Just hope that this time your protection works.


----------



## Guest124 (18 Jan 2007)

I am running Mcafee Security Center on my P.C. -got the free three years as well. I have no spyware software etc. Which one should I start with?


----------



## Satanta (18 Jan 2007)

It's kind of like asking what car should you buy or what jumper should you wear. A lot of personal taste involved.

Use the thread on keeping your computer clean (here on AAM) to begin with. Anything mentioned there you can be pretty sure is fairly good and clean (don't just randomly download tools/utilities that promise the sun moon and stars without checking them out first. Having them given a thumbs up here on AAM means a user has tried the software and found it good enough to pass on to others). Each of them will have different layouts/interfaces etc. so some people will prefer different tools to others. 

The first three I mentioned in my previous post would be a good place to start (the first two you run manually and the third runs in the background hopefully preventing problems [which the first two will hopefully catch if they do get through]).

Before downloading any of these, I'd suggest your firewall should be the first thing to get! Personally I like Zonealarm or Kerio, but again once it's been suggested by AAM (or another trusted website/forum) it should be ok. As above, only install one firewall and one AV (McAfee) tool [unless you know what your at and have checked the compatibility of the systems]. 

From there, read up on as much of the info available as understanding how it all works is more important than having the right software (e.g. if you don't update any AV/Spyware software it'll be next to useless).


----------



## ClubMan (18 Jan 2007)

Check out [broken link removed] site - it contains some useful reviews of free utilities. There are more tips in the _"clean PC" _thread pinned at the top of this forum.


----------



## Grifter (20 Jan 2007)

ClubMan said:


> Check out [broken link removed] site - it contains some useful reviews of free utilities. There are more tips in the _"clean PC" _thread pinned at the top of this forum.


 
I must agree. This is a great site. In particular check out "EasyCleaner", it is THE best utility I have come across recently. Great for getting rid of all those useless programs on startup that slow your machine down. It also has a great (and stable) registry cleaner.


----------



## ClubMan (20 Jan 2007)

As I mentioned elsewhere I just recenty signed up for his Premium/Supporters Edition at $10 for 12 months and it gives access to his extended list of (mostly) free software reviews and recommendations and an _SE _version of his newsletter. A bargain in my opinion.


----------



## Guest124 (20 Jan 2007)

BroadbandKen said:


> I am running Mcafee Security Center on my P.C. -got the free three years as well. I have no spyware software etc. Which one should I start with?


 
-reckon I will start with Microsoft Windows Defender beta 2 -anybody care to comment?
Seems to me like a good one to start with. It's FREE and it has updates.


----------



## Guest124 (23 Jan 2007)

I downloaded Defender yesterday and ran full scan and all clear.
Sorry if this sounds very basic but every time  I click the Defender icon on my desktop  i get windows defender maintenance wizard and it's like it wants to do an install again. Is it meant tobe like this?
If I go to start and then all programmes it seems to open up normally like all my other programmes.


----------



## Guest125 (23 Jan 2007)

The icon on the desktop is for install only.You can right click it and delete it.There should be an icon in the task bar beside the clock. Right click that icon and then click open main window to acess the programme.


----------



## Guest124 (23 Jan 2007)

Thanks caff the icon does not show on the taskbar because I have "only if windows defender detects an action to take" ticked which is fine.
You have answered my question regards icon on desktop.


----------

