McAfee symbol in system tray is black and states virus scan is disabled.

Posted on 2006-05-16
Last Modified: 2013-12-04
Hey all, hope eveyone is well. I have a problem, I run McAfee Security Suite on my system. But yesterday i noticed the McAfee symbol in the lower right tray is black, and reads disabled when i pass the cursor over it. But when i open McAfee Security Center it states Virusscan is enabled. I'm confused. I ran a complete scan with McAfee, Sby-bot, Webroot Spy Sweeper, Ad-Aware SE Personal but found nothing. Here is my High Jack This Log as well:

 Logfile of HijackThis v1.99.1
Scan saved at 7:26:17 PM, on 5/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
c:\program files\\agent\mcdetect.exe
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\Program Files\\VSO\mcvsshld.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\\Agent\mcagent.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\\vso\mcvsshl.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\\agent\mcagent.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\\VSO\oasclnt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} -
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} ( Operating System Class) -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) -
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\\agent\mcdetect.exe
O23 - Service: McShield (McShield) - McAfee Inc. - c:\PROGRA~1\\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

Any idea whats going on? As always, your help is always greatly appreciated.
Question by:MisfitDevil99
    LVL 42

    Expert Comment

    link to hijackthis log:

    something i've seen in mcafee before... make sure none of the components, like virusscan, are out of subscription.

    is virusscan the only mcafee component you have?  or do you have the firewall, spam, privacy, etc?
    LVL 42

    Expert Comment

    i dont see anything weird in your hijackthis log.

    Author Comment

    Yeah, i just have the virusscan, but i never got anything stating it was expired?

    Expert Comment

    I have McAfee viruscan also and it goes black on me ocasionally also. My subscription is relatively recent ...  probably no more than 6 months since I installed the new version. I usually go to McAfee Security Center by double clicking he Red/Black M and then click on Virus Scan. Near the top of that screen is the option to enable VirusScan when the M is Black or to disable it if the M is red.

    I have not found out why this is happening ...  and have not looked too hard because it is an infrequent inconvenience.

    Author Comment

    jw.... that doesn't worry you what might be going on with it though?
    LVL 32

    Expert Comment

    I think the icon being black means at least McAfee Service is disabled. If you're running multiple services then the rest could still be enabled.

    Try this link:
    LVL 32

    Expert Comment

    I meant to say "..least one McAfee Service is disabled"
    LVL 6

    Expert Comment

    There is a *little* chance that your computer has been attacked with a virus unknown to McAfee and corrupted it.
    You can scan your computer with some different antivirus (preferably do an online scan, so you won't need to uninstall McAfee while doing that scan, as 2 AV programs won't like each other).
    LVL 47

    Expert Comment

    Have you tried this utillity to fix the missing registry entry:
    LVL 1

    Accepted Solution

    I too am having the exact same problem, I am using the Comcast flavor of McAfee Center (Virus Scanner, Firewall, and Privacy Service used).  It too is stating services enabled when run from Security Service exe., but is a Black M icon in Sys Tray that when moused over says "Virus Scan: Disabled".  I can right-click select "Enable" and it does nothing.

    Went through FAQ's on McAfee, nothing related specifically to my situation.  Went through Chat with McAfee Online support, they sent link to utility for "Black M" :

    I would try that, as there seem to be numerous issues involving the Black M in sys tray, and this utility is their quickest and easiest way to troubleshoot the issue.  If diagnoses a known issue, follow the instructions.

    In my case, utility was inconclusive, said to do full virus scan, and report any errors to technical support.  I did run a full scan, found nothing, had no errors, tech support for McAfee had no answers, other than figuring problem was due to prior installation of Nortorn NAV.  They said to deal with Symantec/Norton for uninstall utility (that is, they passed the buck), but since I had been running McAfee with no errors for past 6 months I knew it wasn't Norton.  

    In general, run the utility.  If inconclusive (i.e, if you pass all tests for known issues shown in log from utility) uninstall all McAfee products, and then re-install.  I did this, and it's working fine.  


    Author Comment

    Thanks all! Sorry for the delay in accepting an answer... i've been away for some time. Thanks Reklis07, i had already did what you suggested last week, and everything seems to be fine. Just like you, i went through the whole tech help speal.. then finally uninstalled/reinstalled etc... and so far so good.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Top 6 Sources for Identifying Threat Actor TTPs

    Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

    First let me explain that I am extremely paranoid about computer security issues and computer backup issues.  This means that I only feel safe if I am running unknown programs and visiting unknown sites in a virtual machine.  In that way, if anythin…
    Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
    Hi everyone! This is Experts Exchange customer support.  This quick video will show you how to change your primary email address.  If you have any questions, then please Write a Comment below!
    Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    13 Experts available now in Live!

    Get 1:1 Help Now