Solved

VirusScan won't install

Posted on 2006-10-26
Last Modified: 2011-10-03
Windows XP SP1 (will upgrade to SP2)
McAfee Internet Security Suite 2007

Hi, after slaying two viruses with Prevx I tried to install McAfee Internet Security Suite 2007.  All the components installed except VirusScan, which is my problem.  Is the cause 1 (another undetected virus) or 2 (a remnant of something the virus did to this system)?  I would value your ideas.

Andreas

PS The customer needs this computer ASAP so timely solutions would be appreciated.
Question by:AndreasHagen
10 Comments
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 250 total points
ID: 17817574
Try downloading these; you can always uninstall these scanners when you're clean.
Have you also tried online scans?

1. Download and install SUPERAntiSpyware
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
Load SUPERAntiSpyware and click the check for updates button.
Once the update is finished, close SUPERAntiSpyware again; we'll perform the scan later in safe mode.

* Start SUPERAntiSpyware.
Click the scan your computer button.
Check Perform Complete Scan and then next.
SUPERAntiSpyware will now scan your computer and when it's finished it will list all the infections it has found.
Make sure that they all have a check next to them and press next.
Click finish and you will be taken back to the main interface.
Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.

2. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
0
 

Author Comment

by:AndreasHagen
ID: 17817638
Hiya, this is the log generated:


test - 06-10-27 20:46:30.04    Service Pack 1
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\test\Desktop"

(((((((((((((((((((((((((((((((   Files Created from 2006-09-27 to 2006-10-27  ))))))))))))))))))))))))))))))))))
 
 
2006-10-27      20:29      0      --a------      C:\WINDOWS\system32\CMMGR32.EXE
2006-10-27      18:49      <DIR>      d--------      C:\WINDOWS\McAfee.com
2006-10-27      18:04      84,744      --a------      C:\WINDOWS\system32\drivers\mfeavfk.sys
2006-10-27      16:35      9,728      --a------      C:\WINDOWS\system32\drivers\pxscinst.dll
2006-10-27      16:35      7,680      --a------      C:\WINDOWS\system32\drivers\pxinst.dll
2006-10-27      16:35      7,552      --a------      C:\WINDOWS\system32\drivers\pxcom.sys
2006-10-27      16:35      266,112      --a------      C:\WINDOWS\system32\drivers\pxfsf.sys
2006-10-27      16:35      18,432      --a------      C:\WINDOWS\system32\drivers\pxtdi.sys
2006-10-27      16:35      13,568      --a------      C:\WINDOWS\system32\drivers\pxrd.sys
2006-10-27      16:35      11,648      --a------      C:\WINDOWS\system32\drivers\pxscrmbl.sys
2006-10-27      16:35      100,864      --a------      C:\WINDOWS\system32\drivers\PxEmu.sys
2006-10-27      16:01      37,800      --a------      C:\WINDOWS\system32\drivers\mfesmfk.sys
2006-10-27      16:01      33,896      --a------      C:\WINDOWS\system32\drivers\mfebopk.sys
2006-10-27      16:01      31,560      --a------      C:\WINDOWS\system32\drivers\mferkdk.sys
2006-10-27      16:00      161,768      --a------      C:\WINDOWS\system32\drivers\mfehidk.sys
2006-10-27      16:00      104,536      --a------      C:\WINDOWS\system32\drivers\Mpfp.sys
2006-10-27      14:53      593,408      --a------      C:\WINDOWS\system32\h323msp.dll
2006-10-27      14:53      548,352      --a------      C:\WINDOWS\system32\rtcdll.dll
2006-10-27      14:53      439,808      --a------      C:\WINDOWS\system32\ipnathlp.dll
2006-10-27      14:53      36,864      --a------      C:\WINDOWS\system32\mf3216.dll
2006-10-27      14:53      26,112      --a------      C:\WINDOWS\system32\xpsp1hfm.exe
2006-10-25      15:13      991,232      --a------      C:\WINDOWS\system32\esent.dll
2006-10-25      14:12      22,752      --a------      C:\WINDOWS\system32\spupdsvc.exe
2006-10-25      13:02      7,680      ---------      C:\WINDOWS\system32\bitsprx2.dll
2006-10-25      13:02      7,168      ---------      C:\WINDOWS\system32\bitsprx3.dll
2006-10-25      13:02      331,776      --a------      C:\WINDOWS\system32\winhttp.dll
2006-10-25      13:02      17,408      --a------      C:\WINDOWS\system32\qmgrprxy.dll
2006-10-25      12:44      465,176      --a------      C:\WINDOWS\system32\wuapi.dll
2006-10-25      12:44      41,240      --a------      C:\WINDOWS\system32\wups.dll
2006-10-25      12:44      194,328      --a------      C:\WINDOWS\system32\wuaueng1.dll
2006-10-25      12:44      173,536      --a------      C:\WINDOWS\system32\wuweb.dll
2006-10-25      12:44      172,312      --a------      C:\WINDOWS\system32\wuauclt1.exe
2006-10-25      12:44      127,256      --a------      C:\WINDOWS\system32\wucltui.dll
2006-10-22      19:24      5,632      --a------      C:\WINDOWS\system32\ptpusb.dll
2006-10-22      19:24      150,528      --a------      C:\WINDOWS\system32\ptpusd.dll
2006-10-22      19:24      14,208      --a------      C:\WINDOWS\system32\drivers\usbscan.sys
2006-10-22      14:00      21,760      --a------      C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-10-22      13:58      198,424      --a------      C:\WINDOWS\system32\iuengine.dll
2006-10-06      00:27      80,272      --a------      C:\WINDOWS\system32\drivers\sscdbus.sys
2006-10-06      00:27      137,884      --a------      C:\WINDOWS\system32\drivers\sscdmdm.sys
2006-10-06      00:27      11,877      --a------      C:\WINDOWS\system32\drivers\sscdcmnt.sys
2006-10-06      00:27      11,877      --a------      C:\WINDOWS\system32\drivers\sscdcm.sys
2006-10-06      00:27      11,188      --a------      C:\WINDOWS\system32\drivers\sscdwhnt.sys
2006-10-06      00:27      11,188      --a------      C:\WINDOWS\system32\drivers\sscdwh.sys
2006-10-06      00:27      10,864      --a------      C:\WINDOWS\system32\drivers\sscdmdfl.sys


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))      


2006-10-27 20:45      --------      d--------      C:\Program Files\Prevx1
2006-10-27 20:25      --------      d--------      C:\Program Files\SUPERAntiSpyware
2006-10-27 20:25      --------      d--------      C:\Program Files\Common Files\Wise Installation Wizard
2006-10-27 20:25      --------      d--------      C:\Program Files\Common Files
2006-10-27 20:25      --------      d--------      C:\Documents and Settings\test\Application Data\SUPERAntiSpyware.com
2006-10-27 18:36      --------      d--------      C:\Program Files\Common Files\McAfee
2006-10-27 18:35      --------      d--------      C:\Program Files\McAfee
2006-10-27 17:27      --------      d--------      C:\Documents and Settings\test\Application Data\MSN6
2006-10-27 17:05      --------      d--------      C:\Documents and Settings\test\Application Data\Prevx
2006-10-27 16:08      --------      d---s----      C:\Documents and Settings\test\Application Data\Microsoft
2006-10-27 15:02      --------      d--------      C:\Program Files\Outlook Express
2006-10-27 15:02      --------      d--------      C:\Program Files\Common Files\System
2006-10-27 15:01      --------      d--------      C:\Program Files\Windows Media Player
2006-10-27 14:54      --------      d--------      C:\Program Files\NetMeeting
2006-10-27 14:54      --------      d--------      C:\Program Files\Messenger
2006-10-27 14:51      --------      d--------      C:\Program Files\Internet Explorer
2006-10-27 14:30      --------      d--h-----      C:\Program Files\WindowsUpdate
2006-10-27 14:11      --------      d--------      C:\Documents and Settings\test\Application Data\Sun
2006-10-27 14:07      --------      d--------      C:\Documents and Settings\test\Application Data\Macromedia
2006-10-27 12:03      --------      d--------      C:\Documents and Settings\test\Application Data\Identities
2006-10-27 02:25      --------      d--------      C:\Program Files\OpenOffice.org1.1.4
2006-10-09 16:59      --------      d--------      C:\Program Files\MSN
2006-10-09 16:55      --------      d--------      C:\Program Files\Movie Maker
2006-10-07 11:41      --------      d--h-----      C:\Program Files\InstallShield Installation Information
2006-10-06 00:27      --------      d--------      C:\Program Files\Samsung
2006-10-06 00:27      --------      d--------      C:\Program Files\Common Files\InstallShield
2006-09-12 22:09      1110528      --a------      C:\WINDOWS\system32\msxml3.dll
2006-08-25 08:53      561664      --a------      C:\WINDOWS\system32\comctl32.dll
2006-08-25 02:14      595968      --a------      C:\WINDOWS\system32\xpsp2res.dll
2006-08-19 19:20      69632      --a------      C:\WINDOWS\uinst001.exe
2006-08-19 19:04      0      -rahs----      C:\MSDOS.SYS
2006-08-19 19:04      0      -rahs----      C:\IO.SYS
2006-08-19 19:04      0      --a------      C:\CONFIG.SYS
2006-08-19 19:04      0      --a------      C:\AUTOEXEC.BAT
2006-08-19 11:54      62      --ahs----      C:\Documents and Settings\test\Application Data\desktop.ini
2006-08-16 05:14      95232      --a------      C:\WINDOWS\system32\6to4svc.dll
2006-08-16 05:14      70656      --a------      C:\WINDOWS\system32\ws2_32.dll
2006-08-16 05:14      54272      --a------      C:\WINDOWS\system32\ipv6mon.dll
2006-08-16 05:14      31232      --a------      C:\WINDOWS\system32\inetmib1.dll
2006-08-16 05:14      13312      --a------      C:\WINDOWS\system32\wship6.dll
2006-08-16 02:42      159232      --a------      C:\WINDOWS\system32\xpob2res.dll
2006-08-16 02:28      48640      --a------      C:\WINDOWS\system32\ipv6.exe
2006-08-16 02:27      83456      --a------      C:\WINDOWS\system32\netsh.exe
 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LTMSG"="LTMSG.exe 7"
"StormCodec_Helper"="\"C:\\Program Files\\Ringz Studio\\Storm Codec\\StormSet.exe\" /S /opti"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_08\\bin\\jusched.exe"
"0025791161889444mcinstcleanup"="C:\\DOCUME~1\\dollar\\LOCALS~1\\Temp\\002579~1.EXE C:\\PROGRA~1\\COMMON~1\\McAfee\\INSTAL~1\\cleanup.ini -cleanup -nolog"
"PrevxOne"="\"C:\\Program Files\\Prevx1\\PXConsole.exe\""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
  00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]      
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-10-27 20:47:40.71
C:\ComboFix.txt ... 06-10-27 20:47
0
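As an added example (not part of the original thread, and not ComboFix's own code), the "Reg Loading Points" section of a log like the one above can be triaged with a short script that lists Run-key entries launching from a Temp directory, from another user's profile, or without an absolute path. The sample lines are copied from the log above; the function name and the three heuristics are assumptions for illustration.

```python
import re

# Sample input assembled from the "Reg Loading Points" section of the log
# above (.reg export syntax: backslashes doubled, inner quotes escaped).
SAMPLE = r'''
test - 06-10-27 20:46:30.04    Service Pack 1
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LTMSG"="LTMSG.exe 7"
"0025791161889444mcinstcleanup"="C:\\DOCUME~1\\dollar\\LOCALS~1\\Temp\\002579~1.EXE C:\\PROGRA~1\\COMMON~1\\McAfee\\INSTAL~1\\cleanup.ini -cleanup -nolog"
"PrevxOne"="\"C:\\Program Files\\Prevx1\\PXConsole.exe\""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
'''

# Heuristics (assumptions of this example): first executable in the command,
# and the XP-era profile root in its long or 8.3 short form.
EXE = re.compile(r'"?(.+?\.(?:exe|com|bat|cmd|scr))(?=["\s]|$)', re.I)
PROFILE = re.compile(r'^[a-z]:\\(?:documents and settings|docume~1)\\([^\\]+)\\', re.I)

def triage_run_keys(log_text):
    """Return [(value_name, [reasons])] for Run-key entries worth a second look."""
    header = re.search(r'^(\S+) - \d\d-\d\d-\d\d ', log_text, re.M)
    log_user = header.group(1).lower() if header else None
    findings, key = [], ""
    for line in log_text.splitlines():
        line = line.strip()
        m = re.match(r'^\[(.+)\]$', line)
        if m:                                   # registry key header
            key = m.group(1).lower()
            continue
        m = re.match(r'^"([^"]+)"="(.*)"$', line)
        if not m or not key.endswith("\\run"):  # only string values under ...\run
            continue
        name, cmd = m.group(1), re.sub(r'\\(.)', r'\1', m.group(2))  # undo .reg escaping
        exe = EXE.match(cmd)
        path = exe.group(1) if exe else cmd
        reasons = []
        if not re.match(r'[a-z]:\\', path, re.I):
            reasons.append("no absolute path")
        if "\\temp\\" in path.lower():
            reasons.append("runs from a Temp directory")
        prof = PROFILE.match(path)
        if prof and log_user and prof.group(1).lower() != log_user:
            reasons.append("path under profile '%s', log taken as '%s'" % (prof.group(1), log_user))
        if reasons:
            findings.append((name, reasons))
    return findings

if __name__ == "__main__":
    for name, reasons in triage_run_keys(SAMPLE):
        print(name, "->", "; ".join(reasons))
```

On these lines it reports `LTMSG` (no absolute path) and the `mcinstcleanup` entry (Temp directory, profile `dollar` while the log was taken as `test`). A flag means the entry deserves a look, not that it is malicious.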
 
LVL 70

Assisted Solution

by:Merete
Merete earned 250 total points
ID: 17817768
AndreasHagen hi again, first please disconnect from the internet until you have completed any scans. It will give you a chance to stop them from coming back.
Was McAfee Internet Security Suite 2007 your choice?
It is a rather strong force, to the point it controls your machine.
You could consider using AVG Free for the time being, as it does only what it's supposed to do: stop or kill viruses. McAfee is also a firewall plus some more, and may give you a headache atm trying to get it to work.

http://free.grisoft.com/freeweb.php/doc/2/
Use CCleaner to clean out the crap after you shut off the internet temporarily.
http://www.softpedia.com/get/Security/Secure-cleaning/CCleaner.shtml
Once the scans come up clean, check your security levels in IE.
Empty the bins in Recycle and Outlook Express.

Install SpywareBlaster as a great defence; once installed, update it and then enable all protection.

SpywareBlaster doesn't scan and clean for so-called spyware, but prevents it from being installed in the first place. It achieves this by disabling the CLSIDs of popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.
http://www.snapfiles.com/get/spywareblaster.html

Cheers M
0
 

Author Comment

by:AndreasHagen
ID: 17817857
Hi Merete,

Thanks for your reply ... the customer wanted McAfee.

I will implement those ideas.

Andreas
0
 

Author Comment

by:AndreasHagen
ID: 17821116
I've disabled system restore and disconnected the system from the web.  

But AVG still has not detected any viruses ... it is only about 25% through scanning though.  

If it detects nothing is it likely a setting that is preventing installation?

Or maybe I should just be patient ;-)
0
 

Author Comment

by:AndreasHagen
ID: 17821212
*** No viruses found ***
0
 

Author Comment

by:AndreasHagen
ID: 17822002
I'll install SP2 and see if that makes a difference.
0
 

Author Comment

by:AndreasHagen
ID: 17822986
I figured it out ... the two viruses were removed by Prevx, and they caused the install to fail ... what I failed to do was uninstall all the security software afterwards so that I could install McAfee --- this product is fussy about things like that.

Thank you both for your time and efforts.
0
 
LVL 70

Expert Comment

by:Merete
ID: 17823053
Yes indeed, it is a standard for McAfee and Norton: all previous AV must be uninstalled.
Glad it's finally a win-win.
Best wishes
Merete
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17825287
Yeah, some antivirus are a little too fussy.
Glad to know you've sorted it all out. Good job!

Thanks.
Happy computing!

0
