Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

mcinfo.exe


  • Please log in to reply
2 replies to this topic

#1 Grey Baron

Grey Baron

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:27 PM

Posted 07 July 2005 - 03:34 PM

I have an infected W98SE computer, which may have had NGD Dialer or some other, possibly Swen or maybe boot sector infection. One of the symptoms of the infection was that just as the dialup connection was made, McAfee Personal firewall was turned off. If you were quick enough to spot it, it could be turned on again and the virus could not react further.
After hours of trawling and using various scanners, I found in the Windows Temp directory a filename which began with 6 or 7 random numbers, followed by "_mcinfo.exe". Deleting that had to be done at the DOS prompt but something still lives ! I can dial out if I have not opened an application such as Thunderbird but, if I open that first, the dial up tries about three times
but never gets through. I offer this post because i see that others have asked about "mcinfo.exe" itself, and would like to warn others that there is something nasty out there. I am just about to trash the hard drive with "Fdisk MBR" and start again.

BC AdBot (Login to Remove)

 


m

#2 acklan

acklan

    Bleepin' cat's meow


  • Members
  • 8,529 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Baton Rouge, La.
  • Local time:04:27 PM

Posted 09 July 2005 - 10:34 AM

Have you tried Spybot 1.4 or Adaware 1.06 ?
"2007 & 2008 Windows Shell/User Award"

#3 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:05:27 PM

Posted 09 July 2005 - 05:19 PM

mcinfo.exe (McAfee Info) - Details

The mcinfo.exe process is required for McAfee virus scan to operate correctly, and so should not be stopped. If you stop this process you run the risk of having your computer infected by viruses and trojans.
http://www.auditmypc.com/process/mcinfo.asp

Here are some tools you may want to try:

Freeware AntiSpyware and Security Programs

Software firewalls with freeware versions
Zone Alarm SE: http://www.zonealarm.com/
Sygate: http://www.sygate.com/

Antivirus programs - freeware (you can only use one resident anti-virus program on your computer. More than one will conflict)

AVG: http://www.grisoft.com/us/us_index.php

Avast Anti-virus freeware
http://www.komando.com/bestshareware.asp


Anti-malware freeware (You can run as many of these as you wish. Generally there is no conflict between these and you should always run several)

AdAware: http://www.lavasoftusa.com/software/adaware/
Microsoft Antispyware Beta:(Win 2k and XP only) http://www.microsoft.com/athome/security/s...re/default.mspx
SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html
Spybot S&D: http://www.safer-networking.org/en/index.html
Microsoft Malicious Software Removal Tool (Win XP and Win 2000):
http://www.microsoft.com/security/malwareremove/default.mspx

AČ - Free from http://www.majorgeeks.com/download4281.html . Run it, click Search for Updates, then click Scan.


CWShredder from InterMute
CW Shredder removes some variants of spyware known as the Coolwebsearch Trojan. The Trojan takes advantage of a flaw in a key component of Windows -- Microsoft's version of the Java Virtual Machine -- to install itself via popups often found on porn and illegal software (a.k.a. "warez") sites. Run CWShredder after installing, and have it look for updates. Then click the "Fix" button, and the program will both scan and fix any problems it finds. If your system does not have this kind of spyware, it will give you the good news.
Cost: Free
http://www.intermute.com/spysubtract/cwshr...r_download.html

Hijack This and a variety of other tools for malware and pestware
http://216.180.233.162/~merijn/files/HijackThis.exe or
http://www.spywareinfo.com/~merijn/downloads.html


Web based online Antivirus and anti-malware scans: (these can be run regardless of whatever else you are using. You must use Internet Explorer to run these.)

Panda Activescan (IE only)
http://www.pandasoftware.com/activescan/co...n_principal.htm

Trend Micro antivirus and malware scan:
http://housecall-beta.trendmicro.com/en/st...orp.asp?id=scan

Etrust Anti-virus web scanner
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

Kaspersky Anti-Virus Web Scanner
http://www.kaspersky.com/service?chapter=161739400#betatest
online trojan scans here -
http://scan.sygatetech.com/pretrojanscan.html
http://windowsecurity.com/trojanscan

How to submit a Hijack This log
http://www.bleepingcomputer.com/tutorials/how-to-post-a-hijackthis-log/

http://www.bleepingcomputer.com/forums/How...s_Log-t956.html




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users