[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1594
  • Last Modified:

McAfee symbol in system tray is black and states virus scan is disabled.

Hey all, hope eveyone is well. I have a problem, I run McAfee Security Suite on my system. But yesterday i noticed the McAfee symbol in the lower right tray is black, and reads disabled when i pass the cursor over it. But when i open McAfee Security Center it states Virusscan is enabled. I'm confused. I ran a complete scan with McAfee, Sby-bot, Webroot Spy Sweeper, Ad-Aware SE Personal but found nothing. Here is my High Jack This Log as well:

 Logfile of HijackThis v1.99.1
Scan saved at 7:26:17 PM, on 5/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} -
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/en-us/wlscbase7617.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

Any idea whats going on? As always, your help is always greatly appreciated.
0
MisfitDevil99
Asked:
MisfitDevil99
  • 3
  • 2
  • 2
  • +4
1 Solution
 
zephyr_hex (Megan)DeveloperCommented:
link to hijackthis log:
http://www.hijackthis.de/logfiles/3bf8096270c6d705f75d564947b8fd9e.html

something i've seen in mcafee before... make sure none of the components, like virusscan, are out of subscription.

is virusscan the only mcafee component you have?  or do you have the firewall, spam, privacy, etc?
0
 
zephyr_hex (Megan)DeveloperCommented:
i dont see anything weird in your hijackthis log.
0
 
MisfitDevil99Author Commented:
Yeah, i just have the virusscan, but i never got anything stating it was expired?
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 
jwmarkertCommented:
I have McAfee viruscan also and it goes black on me ocasionally also. My subscription is relatively recent ...  probably no more than 6 months since I installed the new version. I usually go to McAfee Security Center by double clicking he Red/Black M and then click on Virus Scan. Near the top of that screen is the option to enable VirusScan when the M is Black or to disable it if the M is red.

I have not found out why this is happening ...  and have not looked too hard because it is an infrequent inconvenience.
0
 
MisfitDevil99Author Commented:
jw.... that doesn't worry you what might be going on with it though?
0
 
r-kCommented:
I think the icon being black means at least McAfee Service is disabled. If you're running multiple services then the rest could still be enabled.

Try this link: http://support.dell.com/support/topics/global.aspx/support/kb/en/document?dn=1072767&l=en&langid=1&c=us&cs=19&s=dhs
0
 
r-kCommented:
I meant to say "..least one McAfee Service is disabled"
0
 
CyberGhostCommented:
There is a *little* chance that your computer has been attacked with a virus unknown to McAfee and corrupted it.
You can scan your computer with some different antivirus (preferably do an online scan, so you won't need to uninstall McAfee while doing that scan, as 2 AV programs won't like each other).
0
 
rpggamergirlCommented:
Have you tried this utillity to fix the missing registry entry:
http://forums.mcafeehelp.com/viewtopic.php?t=45967&sid=048473be2dbcca674856a506c353adea
0
 
Reklis07Commented:
I too am having the exact same problem, I am using the Comcast flavor of McAfee Center (Virus Scanner, Firewall, and Privacy Service used).  It too is stating services enabled when run from Security Service exe., but is a Black M icon in Sys Tray that when moused over says "Virus Scan: Disabled".  I can right-click select "Enable" and it does nothing.

Went through FAQ's on McAfee, nothing related specifically to my situation.  Went through Chat with McAfee Online support, they sent link to utility for "Black M" :

http://ts.mcafeehelp.com/displaydoc.asp?frames=1&docid=398586&CategoryId=243&Search=1

I would try that, as there seem to be numerous issues involving the Black M in sys tray, and this utility is their quickest and easiest way to troubleshoot the issue.  If diagnoses a known issue, follow the instructions.

In my case, utility was inconclusive, said to do full virus scan, and report any errors to technical support.  I did run a full scan, found nothing, had no errors, tech support for McAfee had no answers, other than figuring problem was due to prior installation of Nortorn NAV.  They said to deal with Symantec/Norton for uninstall utility (that is, they passed the buck), but since I had been running McAfee with no errors for past 6 months I knew it wasn't Norton.  

In general, run the utility.  If inconclusive (i.e, if you pass all tests for known issues shown in log from utility) uninstall all McAfee products, and then re-install.  I did this, and it's working fine.  




0
 
MisfitDevil99Author Commented:
Thanks all! Sorry for the delay in accepting an answer... i've been away for some time. Thanks Reklis07, i had already did what you suggested last week, and everything seems to be fine. Just like you, i went through the whole tech help speal.. then finally uninstalled/reinstalled etc... and so far so good.
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

  • 3
  • 2
  • 2
  • +4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now