Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Please Help .... My System Infected By New Win32 Virus And Mcafee Manage Quarantined Files Is Disabled


  • Please log in to reply
2 replies to this topic

#1 vhic

vhic

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:27 PM

Posted 17 September 2007 - 07:27 AM

I have Mcafee on my system and I think my system is highly infected with malware or virus or both; also, spyware as well. I encountered a problem in which MacAfee says that "Virus Found: The file (name of file) is infected by the New Win32 virus and cannot be cleaned. I was able to do a succesful virus Scan at first and stated that 775 files were infected, many of them .exe. Because of my ignorance, I went ahead and quarantined the files; now they are not usable (i.e. Task Manager, Internet Explorer 7 and other files). Now, here's the twist; I cannot access McAfee Manage Quarantined files from the menu as it states the mcmnhdler.exe file is infected by the NewWin32 virus. It has says the same for the file mghtml.exe. So, I can't have any of these files run.

All of the problems happened after I shared a file off of LimeWire, which I thought was a legit P2P platform.
Some symptoms:
1. I get the error message as stated above for any file that I try to run that has the New Win32 virus. One of the common errors that constantly popups is C:\CENTENN.IAL\AUDIT\xfarwan.exe is infected with the NewWin32 virus and cannot be cleaned. When I try to find the file manually, I cant find it in the location mentioned.
2. I have this red X on a shield icon that in the bottom right of my screen, stating that "Spyware infection has been detected." When I click on it, it asks me if I would like update your security software to install System Live Protect. The icon also pops up from time to time stating that my computer is infected.
3. I have a yellow caution item that popus up telling me that I'm not protected against spyware (bottom right of my computer) is infected.
4. McAfee constantly states that an Application Has Been Modified and should I grant it access, which I block all access or continue what I was doing.
5. Windows Security Center, or what appears to be Windows Security Center, popups stating Possible Spyware Infection: TrojanDowloader.XS. wHEN i click "To remove detected threat please click here", it does nothing.

Now, I decided to attempt to install Norton Antivirus or AVG; but with not success, as it gets the same error (infected by the New Win32 virus) once it installs so I cant run it to hopefully help solve my problem.

I really need my laptop to function, as it is painstainkly slow now. I need to be able to access Internet Explorer 7 and taskmanager. I am a web developer; if I can't access IE 7, I am screwed.

I tried to run HijackThis to give more details, but now it states "Windows cannot access the specified device, path, or file. You may not have the appropriated permissions to access the item. I am the administrator for this laptop.

Thanks for your time and efforts team as my computer is a necessity.


Best regards.

BC AdBot (Login to Remove)

 


#2 DaveM59

DaveM59

    Bleepin' Grandpa


  • Members
  • 1,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:TN USA
  • Local time:09:27 PM

Posted 18 September 2007 - 11:05 AM

I'm sorry to tell you this, but it looks like you already know it. Your system is massively infected.

Since you use this computer in your work, I don't think you should try to clean it. When a system has been infested as badly as this one, there is no way to be sure that it is "cured." Even if you remove all visible traces of infection there may be other leftovers that you cannot find.

The best solution would be to back up your data, then reformat your C:\ and reinstall Windows, either from your Windows install disk or your computer maker's system recovery disk.

If you can burn CDs on the machine you can backup the data that way. Other alternatives would be a USB flash drive or hard drive.

If Windows is so messed up that you can't use it for file copying or CD burning, then you have to try other methods. If you have access to another computer you can download and burn the Knoppix live Linux CD, then boot your laptop from it. Here is a link to an online tutorial explaining the basics.

Once the Linux CD is running you can mount the hard drive and copy files off it to a flash drive or burn them to CD -- or upload them to an online file storage service, as one fellow mentions in the combox. The Knoppix CD has a lot of network drivers and in most situations will give you access to the Internet.

The last alternative is to remove the hard drive from the laptop and install it as a "slave drive" in another PC. That is how a professional repair shop would do it. They have adapters that allow you to connect a laptop drive to the IDE cable in a desktop machine. Then they just copy over the data files to the host machine's hard drive. Then they reformat the infected drive and reinstall Windows, Finally, they scan the data files for malware before copying them back.

Hope this gives you some ideas about how to recover your data.

#3 ProMasser

ProMasser

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:11:27 PM

Posted 18 September 2007 - 03:18 PM

Try going on Safemode by pressing F8 When Windows is getting ready than go on SafeMode Install a Antivirus and scan and try to remove if that dont help tell on this forum and im sure these computer experts will help u




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users