Solved

VirusScan won't install

Posted on 2006-10-26
Last Modified: 2011-10-03
Windows XP SP1 (will upgrade to SP2)
Mcafee Internet Security Suite 2007

Hi, after slaying two viruses with Prevx I tried to install McAfee Internet Security Suite 2007.  All the components installed except VirusScan, which is my problem.  Is the cause 1 (another undetected virus) or 2 (a remnant of something the virus did to this system)?  I would value your ideas.

Andreas

PS The customer needs this computer ASAP so timely solutions would be appreciated.
Question by:AndreasHagen
10 Comments
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 250 total points
ID: 17817574
Try downloading these; you can always uninstall these scanners when you're clean.
Have you also tried online scans?

1. Download and install Superantispyware
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
Load Superantispyware and click the check for updates button.
Once the update is finished, close SuperAntispyware again; we'll perform the scan later in safe mode.

* Start Superantispyware.
Click the scan your computer button.
Check Perform Complete Scan and then next.
Superantispyware will now scan your computer and when it's finished it will list all the infections it has found.
Make sure that they all have a check next to them and press next.
Click finish and you will be taken back to the main interface.
Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.

2. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
 

Author Comment

by:AndreasHagen
ID: 17817638
Hiya this is the log generated:  


test - 06-10-27 20:46:30.04    Service Pack 1
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\test\Desktop"

(((((((((((((((((((((((((((((((   Files Created from 2006-09-27 to 2006-10-27  ))))))))))))))))))))))))))))))))))
 
 
2006-10-27      20:29      0      --a------      C:\WINDOWS\system32\CMMGR32.EXE
2006-10-27      18:49      <DIR>      d--------      C:\WINDOWS\McAfee.com
2006-10-27      18:04      84,744      --a------      C:\WINDOWS\system32\drivers\mfeavfk.sys
2006-10-27      16:35      9,728      --a------      C:\WINDOWS\system32\drivers\pxscinst.dll
2006-10-27      16:35      7,680      --a------      C:\WINDOWS\system32\drivers\pxinst.dll
2006-10-27      16:35      7,552      --a------      C:\WINDOWS\system32\drivers\pxcom.sys
2006-10-27      16:35      266,112      --a------      C:\WINDOWS\system32\drivers\pxfsf.sys
2006-10-27      16:35      18,432      --a------      C:\WINDOWS\system32\drivers\pxtdi.sys
2006-10-27      16:35      13,568      --a------      C:\WINDOWS\system32\drivers\pxrd.sys
2006-10-27      16:35      11,648      --a------      C:\WINDOWS\system32\drivers\pxscrmbl.sys
2006-10-27      16:35      100,864      --a------      C:\WINDOWS\system32\drivers\PxEmu.sys
2006-10-27      16:01      37,800      --a------      C:\WINDOWS\system32\drivers\mfesmfk.sys
2006-10-27      16:01      33,896      --a------      C:\WINDOWS\system32\drivers\mfebopk.sys
2006-10-27      16:01      31,560      --a------      C:\WINDOWS\system32\drivers\mferkdk.sys
2006-10-27      16:00      161,768      --a------      C:\WINDOWS\system32\drivers\mfehidk.sys
2006-10-27      16:00      104,536      --a------      C:\WINDOWS\system32\drivers\Mpfp.sys
2006-10-27      14:53      593,408      --a------      C:\WINDOWS\system32\h323msp.dll
2006-10-27      14:53      548,352      --a------      C:\WINDOWS\system32\rtcdll.dll
2006-10-27      14:53      439,808      --a------      C:\WINDOWS\system32\ipnathlp.dll
2006-10-27      14:53      36,864      --a------      C:\WINDOWS\system32\mf3216.dll
2006-10-27      14:53      26,112      --a------      C:\WINDOWS\system32\xpsp1hfm.exe
2006-10-25      15:13      991,232      --a------      C:\WINDOWS\system32\esent.dll
2006-10-25      14:12      22,752      --a------      C:\WINDOWS\system32\spupdsvc.exe
2006-10-25      13:02      7,680      ---------      C:\WINDOWS\system32\bitsprx2.dll
2006-10-25      13:02      7,168      ---------      C:\WINDOWS\system32\bitsprx3.dll
2006-10-25      13:02      331,776      --a------      C:\WINDOWS\system32\winhttp.dll
2006-10-25      13:02      17,408      --a------      C:\WINDOWS\system32\qmgrprxy.dll
2006-10-25      12:44      465,176      --a------      C:\WINDOWS\system32\wuapi.dll
2006-10-25      12:44      41,240      --a------      C:\WINDOWS\system32\wups.dll
2006-10-25      12:44      194,328      --a------      C:\WINDOWS\system32\wuaueng1.dll
2006-10-25      12:44      173,536      --a------      C:\WINDOWS\system32\wuweb.dll
2006-10-25      12:44      172,312      --a------      C:\WINDOWS\system32\wuauclt1.exe
2006-10-25      12:44      127,256      --a------      C:\WINDOWS\system32\wucltui.dll
2006-10-22      19:24      5,632      --a------      C:\WINDOWS\system32\ptpusb.dll
2006-10-22      19:24      150,528      --a------      C:\WINDOWS\system32\ptpusd.dll
2006-10-22      19:24      14,208      --a------      C:\WINDOWS\system32\drivers\usbscan.sys
2006-10-22      14:00      21,760      --a------      C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-10-22      13:58      198,424      --a------      C:\WINDOWS\system32\iuengine.dll
2006-10-06      00:27      80,272      --a------      C:\WINDOWS\system32\drivers\sscdbus.sys
2006-10-06      00:27      137,884      --a------      C:\WINDOWS\system32\drivers\sscdmdm.sys
2006-10-06      00:27      11,877      --a------      C:\WINDOWS\system32\drivers\sscdcmnt.sys
2006-10-06      00:27      11,877      --a------      C:\WINDOWS\system32\drivers\sscdcm.sys
2006-10-06      00:27      11,188      --a------      C:\WINDOWS\system32\drivers\sscdwhnt.sys
2006-10-06      00:27      11,188      --a------      C:\WINDOWS\system32\drivers\sscdwh.sys
2006-10-06      00:27      10,864      --a------      C:\WINDOWS\system32\drivers\sscdmdfl.sys


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))      


2006-10-27 20:45      --------      d--------      C:\Program Files\Prevx1
2006-10-27 20:25      --------      d--------      C:\Program Files\SUPERAntiSpyware
2006-10-27 20:25      --------      d--------      C:\Program Files\Common Files\Wise Installation Wizard
2006-10-27 20:25      --------      d--------      C:\Program Files\Common Files
2006-10-27 20:25      --------      d--------      C:\Documents and Settings\test\Application Data\SUPERAntiSpyware.com
2006-10-27 18:36      --------      d--------      C:\Program Files\Common Files\McAfee
2006-10-27 18:35      --------      d--------      C:\Program Files\McAfee
2006-10-27 17:27      --------      d--------      C:\Documents and Settings\test\Application Data\MSN6
2006-10-27 17:05      --------      d--------      C:\Documents and Settings\test\Application Data\Prevx
2006-10-27 16:08      --------      d---s----      C:\Documents and Settings\test\Application Data\Microsoft
2006-10-27 15:02      --------      d--------      C:\Program Files\Outlook Express
2006-10-27 15:02      --------      d--------      C:\Program Files\Common Files\System
2006-10-27 15:01      --------      d--------      C:\Program Files\Windows Media Player
2006-10-27 14:54      --------      d--------      C:\Program Files\NetMeeting
2006-10-27 14:54      --------      d--------      C:\Program Files\Messenger
2006-10-27 14:51      --------      d--------      C:\Program Files\Internet Explorer
2006-10-27 14:30      --------      d--h-----      C:\Program Files\WindowsUpdate
2006-10-27 14:11      --------      d--------      C:\Documents and Settings\test\Application Data\Sun
2006-10-27 14:07      --------      d--------      C:\Documents and Settings\test\Application Data\Macromedia
2006-10-27 12:03      --------      d--------      C:\Documents and Settings\test\Application Data\Identities
2006-10-27 02:25      --------      d--------      C:\Program Files\OpenOffice.org1.1.4
2006-10-09 16:59      --------      d--------      C:\Program Files\MSN
2006-10-09 16:55      --------      d--------      C:\Program Files\Movie Maker
2006-10-07 11:41      --------      d--h-----      C:\Program Files\InstallShield Installation Information
2006-10-06 00:27      --------      d--------      C:\Program Files\Samsung
2006-10-06 00:27      --------      d--------      C:\Program Files\Common Files\InstallShield
2006-09-12 22:09      1110528      --a------      C:\WINDOWS\system32\msxml3.dll
2006-08-25 08:53      561664      --a------      C:\WINDOWS\system32\comctl32.dll
2006-08-25 02:14      595968      --a------      C:\WINDOWS\system32\xpsp2res.dll
2006-08-19 19:20      69632      --a------      C:\WINDOWS\uinst001.exe
2006-08-19 19:04      0      -rahs----      C:\MSDOS.SYS
2006-08-19 19:04      0      -rahs----      C:\IO.SYS
2006-08-19 19:04      0      --a------      C:\CONFIG.SYS
2006-08-19 19:04      0      --a------      C:\AUTOEXEC.BAT
2006-08-19 11:54      62      --ahs----      C:\Documents and Settings\test\Application Data\desktop.ini
2006-08-16 05:14      95232      --a------      C:\WINDOWS\system32\6to4svc.dll
2006-08-16 05:14      70656      --a------      C:\WINDOWS\system32\ws2_32.dll
2006-08-16 05:14      54272      --a------      C:\WINDOWS\system32\ipv6mon.dll
2006-08-16 05:14      31232      --a------      C:\WINDOWS\system32\inetmib1.dll
2006-08-16 05:14      13312      --a------      C:\WINDOWS\system32\wship6.dll
2006-08-16 02:42      159232      --a------      C:\WINDOWS\system32\xpob2res.dll
2006-08-16 02:28      48640      --a------      C:\WINDOWS\system32\ipv6.exe
2006-08-16 02:27      83456      --a------      C:\WINDOWS\system32\netsh.exe
 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LTMSG"="LTMSG.exe 7"
"StormCodec_Helper"="\"C:\\Program Files\\Ringz Studio\\Storm Codec\\StormSet.exe\" /S /opti"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_08\\bin\\jusched.exe"
"0025791161889444mcinstcleanup"="C:\\DOCUME~1\\dollar\\LOCALS~1\\Temp\\002579~1.EXE C:\\PROGRA~1\\COMMON~1\\McAfee\\INSTAL~1\\cleanup.ini -cleanup -nolog"
"PrevxOne"="\"C:\\Program Files\\Prevx1\\PXConsole.exe\""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
  00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]      
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-10-27 20:47:40.71
C:\ComboFix.txt ... 06-10-27 20:47
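
One way to triage the "Reg Loading Points" section of a log like the one above, as an added example that is not part of the original thread and is not ComboFix's own code. The sample lines are copied from that log; the function names (`run_entries`, `flags`, `triage`) and the three heuristics are assumptions of this example.

```python
import re

# Constructed sample: Run-key lines copied from the log above, plus one
# non-Run key, in the same .reg-style layout ComboFix printed.
SAMPLE = r'''
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LTMSG"="LTMSG.exe 7"
"0025791161889444mcinstcleanup"="C:\\DOCUME~1\\dollar\\LOCALS~1\\Temp\\002579~1.EXE C:\\PROGRA~1\\COMMON~1\\McAfee\\INSTAL~1\\cleanup.ini -cleanup -nolog"
"PrevxOne"="\"C:\\Program Files\\Prevx1\\PXConsole.exe\""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
PROFILE_RE = re.compile(r'[a-z]:\\(?:documents and settings|docume~1)\\([^\\]+)\\')

def unescape(s):
    # .reg string escaping: a doubled backslash is one backslash, \" is a quote
    return re.sub(r'\\(.)', r'\1', s)

def run_entries(log_text):
    # Yield (name, command) for string values under ...\currentversion\run keys;
    # other keys and dword/hex values are skipped.
    key = ''
    for line in map(str.strip, log_text.splitlines()):
        if (m := KEY_RE.match(line)):
            key = m.group(1).lower()
        elif (m := VAL_RE.match(line)) and key.endswith('currentversion\\run'):
            yield unescape(m.group(1)), unescape(m.group(2))

def flags(command, user):
    # Heuristics chosen for this example; they mark entries for manual review.
    exe = command.lstrip('"').lower()
    found = []
    if '\\temp\\' in exe:
        found.append('runs from a Temp directory')
    m = PROFILE_RE.match(exe)
    if m and m.group(1) != user.lower():
        found.append('path under another profile: ' + m.group(1))
    if not re.match(r'[a-z]:\\', exe):
        found.append('no full path')
    return found

def triage(log_text, user):
    # Map entry name -> flags, keeping only flagged entries.
    checked = ((n, flags(c, user)) for n, c in run_entries(log_text))
    return {n: f for n, f in checked if f}

if __name__ == '__main__':
    for name, hits in triage(SAMPLE, 'test').items():
        print(name, '->', '; '.join(hits))
```

With `test` as the logged-on user (the account named in the log header), the script flags `LTMSG` for having no full path and the `mcinstcleanup` entry, whose command points into the Temp folder of a profile named `dollar`.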
 
LVL 69

Assisted Solution

by:Merete
Merete earned 250 total points
ID: 17817768
AndreasHagen, hi again. First, please disconnect from the internet until you have completed any scans. It will give you a chance to stop them from coming back.
Was McAfee Internet Security Suite 2007 your choice?
It is a rather strong force, to the point it controls your machine.
You could consider using AVG Free for the time being, as it does only what it's supposed to do, stop or kill viruses. McAfee is also a firewall plus some more, and may give you a headache atm trying to get it to work.

http://free.grisoft.com/freeweb.php/doc/2/
Use CCleaner to clean out the crap after you shut off the internet temporarily.
http://www.softpedia.com/get/Security/Secure-cleaning/CCleaner.shtml
Once the scans come up clean, check your security levels in IE.
Empty the bins in Recycle and Outlook Express.

Install SpywareBlaster as a great defence; once installed, update it and then enable all protection.

SpywareBlaster doesn't scan and clean for so-called spyware, but prevents it from being installed in the first place. It achieves this by disabling the CLSIDs of popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.
http://www.snapfiles.com/get/spywareblaster.html

Cheers M
 

Author Comment

by:AndreasHagen
ID: 17817857
Hi Merete,

Thanks for your reply ... the customer wanted McAfee.

I will implement those ideas.

Andreas
 

Author Comment

by:AndreasHagen
ID: 17821116
I've disabled system restore and disconnected the system from the web.  

But AVG still has not detected any viruses ... it is only about 25% through scanning though.  

If it detects nothing is it likely a setting that is preventing installation?

Or maybe I should just be patient ;-)
 

Author Comment

by:AndreasHagen
ID: 17821212
*** No viruses found ***
 

Author Comment

by:AndreasHagen
ID: 17822002
I'll install SP2 and see if that makes a difference.
 

Author Comment

by:AndreasHagen
ID: 17822986
I figured it out ... the two viruses were removed by Prevx, and they caused the install to fail ... what I failed to do was uninstall all the security software afterwards so that I could install McAfee --- this product is fussy about things like that.

Thank you both for your time and efforts.
 
LVL 69

Expert Comment

by:Merete
ID: 17823053
Yes indeed, it is standard for McAfee and Norton: all previous AV must be uninstalled.
Glad it's finally a win-win.
Best wishes
Merete
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17825287
Yeah, some antivirus programs are a little too fussy.
Glad to know you've sorted it all out. Good job!

Thanks.
Happy computing!
