  • Status: Solved
  • Priority: Medium
  • Security: Public

VirusScan won't install

Windows XP SP1 (will upgrade to SP2)
McAfee Internet Security Suite 2007

Hi, after slaying two viruses with Prevx I tried to install McAfee Internet Security Suite 2007.  All the components installed except VirusScan, which is my problem.  Is the cause (1) another undetected virus or (2) a remnant of something the virus did to this system?  I would value your ideas.

Andreas

PS The customer needs this computer ASAP so timely solutions would be appreciated.
0
AndreasHagen
Asked:
2 Solutions
 
rpggamergirl Commented:
Try downloading these; you can always uninstall these scanners when you're clean.
Have you also tried online scans?

1. Download and install SUPERAntiSpyware
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
Load SUPERAntiSpyware and click the check for updates button.
Once the update is finished, close SUPERAntiSpyware again; we'll perform the scan later in safe mode.

* Start Superantispyware.
Click the scan your computer button.
Check Perform Complete Scan and then next.
SUPERAntiSpyware will now scan your computer and when it's finished it will list all the infections it has found.
Make sure that they all have a check next to them and press next.
Click finish and you will be taken back to the main interface.
Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.

2. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe
Double-click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
0
 
AndreasHagen Author Commented:
Hiya, this is the log generated:


test - 06-10-27 20:46:30.04    Service Pack 1
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\test\Desktop"

(((((((((((((((((((((((((((((((   Files Created from 2006-09-27 to 2006-10-27  ))))))))))))))))))))))))))))))))))
 
 
2006-10-27      20:29      0      --a------      C:\WINDOWS\system32\CMMGR32.EXE
2006-10-27      18:49      <DIR>      d--------      C:\WINDOWS\McAfee.com
2006-10-27      18:04      84,744      --a------      C:\WINDOWS\system32\drivers\mfeavfk.sys
2006-10-27      16:35      9,728      --a------      C:\WINDOWS\system32\drivers\pxscinst.dll
2006-10-27      16:35      7,680      --a------      C:\WINDOWS\system32\drivers\pxinst.dll
2006-10-27      16:35      7,552      --a------      C:\WINDOWS\system32\drivers\pxcom.sys
2006-10-27      16:35      266,112      --a------      C:\WINDOWS\system32\drivers\pxfsf.sys
2006-10-27      16:35      18,432      --a------      C:\WINDOWS\system32\drivers\pxtdi.sys
2006-10-27      16:35      13,568      --a------      C:\WINDOWS\system32\drivers\pxrd.sys
2006-10-27      16:35      11,648      --a------      C:\WINDOWS\system32\drivers\pxscrmbl.sys
2006-10-27      16:35      100,864      --a------      C:\WINDOWS\system32\drivers\PxEmu.sys
2006-10-27      16:01      37,800      --a------      C:\WINDOWS\system32\drivers\mfesmfk.sys
2006-10-27      16:01      33,896      --a------      C:\WINDOWS\system32\drivers\mfebopk.sys
2006-10-27      16:01      31,560      --a------      C:\WINDOWS\system32\drivers\mferkdk.sys
2006-10-27      16:00      161,768      --a------      C:\WINDOWS\system32\drivers\mfehidk.sys
2006-10-27      16:00      104,536      --a------      C:\WINDOWS\system32\drivers\Mpfp.sys
2006-10-27      14:53      593,408      --a------      C:\WINDOWS\system32\h323msp.dll
2006-10-27      14:53      548,352      --a------      C:\WINDOWS\system32\rtcdll.dll
2006-10-27      14:53      439,808      --a------      C:\WINDOWS\system32\ipnathlp.dll
2006-10-27      14:53      36,864      --a------      C:\WINDOWS\system32\mf3216.dll
2006-10-27      14:53      26,112      --a------      C:\WINDOWS\system32\xpsp1hfm.exe
2006-10-25      15:13      991,232      --a------      C:\WINDOWS\system32\esent.dll
2006-10-25      14:12      22,752      --a------      C:\WINDOWS\system32\spupdsvc.exe
2006-10-25      13:02      7,680      ---------      C:\WINDOWS\system32\bitsprx2.dll
2006-10-25      13:02      7,168      ---------      C:\WINDOWS\system32\bitsprx3.dll
2006-10-25      13:02      331,776      --a------      C:\WINDOWS\system32\winhttp.dll
2006-10-25      13:02      17,408      --a------      C:\WINDOWS\system32\qmgrprxy.dll
2006-10-25      12:44      465,176      --a------      C:\WINDOWS\system32\wuapi.dll
2006-10-25      12:44      41,240      --a------      C:\WINDOWS\system32\wups.dll
2006-10-25      12:44      194,328      --a------      C:\WINDOWS\system32\wuaueng1.dll
2006-10-25      12:44      173,536      --a------      C:\WINDOWS\system32\wuweb.dll
2006-10-25      12:44      172,312      --a------      C:\WINDOWS\system32\wuauclt1.exe
2006-10-25      12:44      127,256      --a------      C:\WINDOWS\system32\wucltui.dll
2006-10-22      19:24      5,632      --a------      C:\WINDOWS\system32\ptpusb.dll
2006-10-22      19:24      150,528      --a------      C:\WINDOWS\system32\ptpusd.dll
2006-10-22      19:24      14,208      --a------      C:\WINDOWS\system32\drivers\usbscan.sys
2006-10-22      14:00      21,760      --a------      C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-10-22      13:58      198,424      --a------      C:\WINDOWS\system32\iuengine.dll
2006-10-06      00:27      80,272      --a------      C:\WINDOWS\system32\drivers\sscdbus.sys
2006-10-06      00:27      137,884      --a------      C:\WINDOWS\system32\drivers\sscdmdm.sys
2006-10-06      00:27      11,877      --a------      C:\WINDOWS\system32\drivers\sscdcmnt.sys
2006-10-06      00:27      11,877      --a------      C:\WINDOWS\system32\drivers\sscdcm.sys
2006-10-06      00:27      11,188      --a------      C:\WINDOWS\system32\drivers\sscdwhnt.sys
2006-10-06      00:27      11,188      --a------      C:\WINDOWS\system32\drivers\sscdwh.sys
2006-10-06      00:27      10,864      --a------      C:\WINDOWS\system32\drivers\sscdmdfl.sys


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))      


2006-10-27 20:45      --------      d--------      C:\Program Files\Prevx1
2006-10-27 20:25      --------      d--------      C:\Program Files\SUPERAntiSpyware
2006-10-27 20:25      --------      d--------      C:\Program Files\Common Files\Wise Installation Wizard
2006-10-27 20:25      --------      d--------      C:\Program Files\Common Files
2006-10-27 20:25      --------      d--------      C:\Documents and Settings\test\Application Data\SUPERAntiSpyware.com
2006-10-27 18:36      --------      d--------      C:\Program Files\Common Files\McAfee
2006-10-27 18:35      --------      d--------      C:\Program Files\McAfee
2006-10-27 17:27      --------      d--------      C:\Documents and Settings\test\Application Data\MSN6
2006-10-27 17:05      --------      d--------      C:\Documents and Settings\test\Application Data\Prevx
2006-10-27 16:08      --------      d---s----      C:\Documents and Settings\test\Application Data\Microsoft
2006-10-27 15:02      --------      d--------      C:\Program Files\Outlook Express
2006-10-27 15:02      --------      d--------      C:\Program Files\Common Files\System
2006-10-27 15:01      --------      d--------      C:\Program Files\Windows Media Player
2006-10-27 14:54      --------      d--------      C:\Program Files\NetMeeting
2006-10-27 14:54      --------      d--------      C:\Program Files\Messenger
2006-10-27 14:51      --------      d--------      C:\Program Files\Internet Explorer
2006-10-27 14:30      --------      d--h-----      C:\Program Files\WindowsUpdate
2006-10-27 14:11      --------      d--------      C:\Documents and Settings\test\Application Data\Sun
2006-10-27 14:07      --------      d--------      C:\Documents and Settings\test\Application Data\Macromedia
2006-10-27 12:03      --------      d--------      C:\Documents and Settings\test\Application Data\Identities
2006-10-27 02:25      --------      d--------      C:\Program Files\OpenOffice.org1.1.4
2006-10-09 16:59      --------      d--------      C:\Program Files\MSN
2006-10-09 16:55      --------      d--------      C:\Program Files\Movie Maker
2006-10-07 11:41      --------      d--h-----      C:\Program Files\InstallShield Installation Information
2006-10-06 00:27      --------      d--------      C:\Program Files\Samsung
2006-10-06 00:27      --------      d--------      C:\Program Files\Common Files\InstallShield
2006-09-12 22:09      1110528      --a------      C:\WINDOWS\system32\msxml3.dll
2006-08-25 08:53      561664      --a------      C:\WINDOWS\system32\comctl32.dll
2006-08-25 02:14      595968      --a------      C:\WINDOWS\system32\xpsp2res.dll
2006-08-19 19:20      69632      --a------      C:\WINDOWS\uinst001.exe
2006-08-19 19:04      0      -rahs----      C:\MSDOS.SYS
2006-08-19 19:04      0      -rahs----      C:\IO.SYS
2006-08-19 19:04      0      --a------      C:\CONFIG.SYS
2006-08-19 19:04      0      --a------      C:\AUTOEXEC.BAT
2006-08-19 11:54      62      --ahs----      C:\Documents and Settings\test\Application Data\desktop.ini
2006-08-16 05:14      95232      --a------      C:\WINDOWS\system32\6to4svc.dll
2006-08-16 05:14      70656      --a------      C:\WINDOWS\system32\ws2_32.dll
2006-08-16 05:14      54272      --a------      C:\WINDOWS\system32\ipv6mon.dll
2006-08-16 05:14      31232      --a------      C:\WINDOWS\system32\inetmib1.dll
2006-08-16 05:14      13312      --a------      C:\WINDOWS\system32\wship6.dll
2006-08-16 02:42      159232      --a------      C:\WINDOWS\system32\xpob2res.dll
2006-08-16 02:28      48640      --a------      C:\WINDOWS\system32\ipv6.exe
2006-08-16 02:27      83456      --a------      C:\WINDOWS\system32\netsh.exe
 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LTMSG"="LTMSG.exe 7"
"StormCodec_Helper"="\"C:\\Program Files\\Ringz Studio\\Storm Codec\\StormSet.exe\" /S /opti"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_08\\bin\\jusched.exe"
"0025791161889444mcinstcleanup"="C:\\DOCUME~1\\dollar\\LOCALS~1\\Temp\\002579~1.EXE C:\\PROGRA~1\\COMMON~1\\McAfee\\INSTAL~1\\cleanup.ini -cleanup -nolog"
"PrevxOne"="\"C:\\Program Files\\Prevx1\\PXConsole.exe\""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
  00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]      
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-10-27 20:47:40.71
C:\ComboFix.txt ... 06-10-27 20:47
0
 
Merete Commented:
AndreasHagen hi again, first please disconnect from the internet until you have completed any scans. It will give you a chance to stop them from coming back.
Was McAfee Internet Security Suite 2007 your choice?
It is a rather strong force to the point it controls your machine.
You could consider using AVG Free for the time being, as it does only what it's supposed to do, stop or kill viruses. McAfee is also a firewall plus some more and may give you a headache atm trying to get it to work.

http://free.grisoft.com/freeweb.php/doc/2/
Use CCleaner to clean out the crap after you shut off the internet temporarily.
http://www.softpedia.com/get/Security/Secure-cleaning/CCleaner.shtml
Once the scans come up clean, check your security levels in IE.
Empty the bins in Recycle and Outlook Express.

Install SpywareBlaster as a great defence; once installed, update it and then enable all protection.

SpywareBlaster doesn't scan and clean for so-called spyware, but prevents it from being installed in the first place. It achieves this by disabling the CLSIDs of popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.
http://www.snapfiles.com/get/spywareblaster.html

Cheers M
0
 
AndreasHagen Author Commented:
Hi Merete,

thanks for your reply ... the customer wanted McAfee.

I will implement those ideas.

Andreas
0
 
AndreasHagen Author Commented:
I've disabled system restore and disconnected the system from the web.

But AVG still has not detected any viruses ... it is only about 25% through scanning though.

If it detects nothing, is it likely a setting that is preventing installation?

Or maybe I should just be patient ;-)
0
 
AndreasHagen Author Commented:
*** No viruses found ***
0
 
AndreasHagen Author Commented:
I'll install SP2 and see if that makes a difference.
0
 
AndreasHagen Author Commented:
I figured it out ... the two viruses were removed by Prevx, and they caused the install to fail ... what I failed to do was uninstall all the security software afterwards so that I could install McAfee --- this product is fussy about things like that.

Thank you both for your time and efforts.
0
 
Merete Commented:
Yes indeed, it is a standard for McAfee and Norton: all previous AV must be uninstalled.
Glad it's finally a win-win.
Best wishes
Merete
0
 
rpggamergirl Commented:
Yeah, some antivirus are a little too fussy.
Glad to know you've sorted it all out. Good job!

Thanks.
Happy computing!

0
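The thread's resolution was that security software left installed got in the way of the McAfee VirusScan install. As an added example (not part of the original thread), this Python script parses the Run keys from the "Reg Loading Points" section of the ComboFix log posted above and reports which security products still have autostart entries, plus any Run value that launches from a Temp directory. The function names and the product keyword list are assumptions made for this example.

```python
import re

# Excerpt of the Run keys from the ComboFix log posted above (some values omitted).
LOG_EXCERPT = r'''
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LTMSG"="LTMSG.exe 7"
"0025791161889444mcinstcleanup"="C:\\DOCUME~1\\dollar\\LOCALS~1\\Temp\\002579~1.EXE C:\\PROGRA~1\\COMMON~1\\McAfee\\INSTAL~1\\cleanup.ini -cleanup -nolog"
"PrevxOne"="\"C:\\Program Files\\Prevx1\\PXConsole.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"shutdownwithoutlogon"=dword:00000001
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Assumption: keywords are the product names that appear in this thread.
SECURITY_PRODUCTS = {"prevx": "Prevx", "superantispyware": "SUPERAntiSpyware", "mcafee": "McAfee"}

def unescape(s):  # .reg string escaping: \\ -> \ and \" -> "
    return re.sub(r'\\(.)', r'\1', s)

def autoruns(log_text):
    """Return (key, value name, command) for each string value under a ...\\run key."""
    key, out = None, []
    for line in log_text.splitlines():
        m = KEY_RE.match(line.strip())
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line.strip())
        if m and key and key.lower().endswith(r'\currentversion\run'):
            out.append((key, unescape(m.group(1)), unescape(m.group(2))))
    return out

def security_autoruns(entries):
    """Map each known security product to the Run value names that reference it."""
    found = {}
    for _key, name, cmd in entries:
        hay = (name + " " + cmd).lower()
        for kw, product in SECURITY_PRODUCTS.items():
            if kw in hay:
                found.setdefault(product, []).append(name)
    return found

def runs_from_temp(entries):
    """Run value names whose command line points into a Temp directory."""
    return [name for _k, name, cmd in entries if re.search(r'\\temp\\', cmd, re.I)]
```

On this log the result shows Prevx and SUPERAntiSpyware still registered to start at logon alongside a pending McAfee installer cleanup entry, which matches the conflict the author describes.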
