BleepingComputer.com: Mcafee Antivirus will not run scans

I really hope someone can help me. I just put Mcafee Antivirus Plus on my laptop about 2 weeks ago. It had been working fine up til 3 days ago real time protection would not turn on, so I contacted Mcafee and they told me to reinstall it. I reinstall it then it does not want to run any scans. I am so frustrated, I have been dealing with Mcafee for 2 days now and have talked to 2 different tier 2 guys. The first guy said something in my windows 32 system was corrupted, said he fixed it and for me to reinstall again but still didnt work. Second guy said that I had to many HP errors which was causing Mcafee not to work properly, told me to contact HP to get it fixed then try to run a scan. So I went ahead and uninstalled Mcafee and put another virus protection on and guess what it is working fine. If anyone has had any issues with Mcafee or knows what might be the problem, please let me know.

This post has been edited by hamluis: 06 February 2011 - 11:02 AM
Reason for edit: Moved from Win 7 to AV, Firewall, Privacy Protection.

In my opinion (and in the opinion of MANY others) McAfee products (and their "support) are the worst in the business. Period. I always suggest replacing their product with virtually ANY other anti virus utility.

I have another question what does cngaudit.dll mean?

Google info about cngaudit.dll

The reason I was asking what cngaudit.dll was, Mcafee kept trying to delete it said it was a trogan. Everytime they deleted and rebooted it was back. I also run Malwarebytes and I just recently ran combofix through Malwarebytes and he said everything looked good. Is this something I need to be concerned about?

If you read the links in the Google search provided you will see that cngaudit.dll appears to be a legit Windows file\dll. dll = Dynamic Link Library.

As Allan stated mcafee is not a very respected AV, with Tech support that seems to match.

I would be more inclined to take the word of the MBAM team then of the mcafee tech(?) support.

I just want to thank you and Allen for helping me.

You are more then welcome. That`s what BC is here for.

tinkerbellpixie, on 06 February 2011 - 06:10 PM, said:

Not that I was much help, but you're certainly welcome

tinkerbellpixie, on 06 February 2011 - 05:45 PM, said:

If you want, there is a way to check if cngaudit.dll is a legitimate Microsoft executable or not.
Download sigcheck from Microsoft: http://technet.microsoft.com/en-us/sysinternals/bb897441
It is a command-line tool. Start it from cmd.exe: sigcheck.exe cngaudit.dll (this example is assuming you've extracted sigcheck.exe in the same directory as cngaudit.dll).
You will see info displayed about cngaudit.dll, the most important needs to be:
Verified: Signed

This will check the digital signature (AuthentiCode) of cngaudit.dll. If it's not from Microsoft, it will not have a Microsoft signature, and if it is infected, the signature will not be valid.

This post has been edited by Didier Stevens: 07 February 2011 - 08:32 AM

I am not real sure how to do this, do I need to save sigcheck to the windows 32 file folder where cngaudit.dll is located?

tinkerbellpixie, on 07 February 2011 - 10:52 AM, said:

No problem. Just save the sigcheck file to one of your folders, and unzip it there. Let's say that the folder you choose is c:\temp
From the start menu, type cmd.exe and run it.
In the cmd.exe console, type cd \temp to go to the folder where you saved sigcheck.
Then type: sigcheck c:\windows\system32\cngaudit.dll
Accept the EULA.
On my machine, I get this output:

sigcheck v1.60 - sigcheck
Copyright (C) 2004-2009 Mark Russinovich
Sysinternals - www.sysinternals.com

c:\windows\system32\cngaudit.dll:
        Verified:       Signed
        Signing date:   4:17 14/07/2009
        Strong Name:    Unsigned
        Publisher:      Microsoft Corporation
        Description:    Windows Cryptographic Next Generation audit library
        Product:        Microsoft« Windows« Operating System
        Version:        6.1.7600.16385
        File version:   6.1.7600.16385 (win7_rtm.090713-1255)

Your output should be similar, the versions and date may differ, but the file should be signed (Verified: Signed) by Microsoft.

Update:
You can also do this with the live drive, i.e. without downloading sigcheck.
Start cmd.exe, and type the following command:
\\live.sysinternals.com\tools\sigcheck c:\Windows\System32\cngaudit.dll
If this doesn't work, then do has I explained above.

This post has been edited by Didier Stevens: 07 February 2011 - 03:57 PM

ok, thank you for explaining it better for me I am not that good with computers. I will try it now and I will let you know what it says.

Instead of struggling with Mcafee, you should use malwarebytes to eliminate any viruses. I have used it, and found it to be very effective. You can download a trusted copy of malwarebytes at cnet or http://malwarebytes.org

@ RobGreen. MBAM is an excellent and highly recommended anti-malware program. It is not an anti-virus program.

It is ment to compliment and work alongside AV`s to catch what they may miss. Not to replace them.