Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Mcafee Firewall wont stay on, think I have a virus.


  • Please log in to reply
3 replies to this topic

#1 amedcalf

amedcalf

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:07:36 AM

Posted 29 March 2012 - 06:43 AM

Hi,

Everytime I start my computer Mcafee displays a message stating that my computer is at risk.

I open mcafee and the firewall is turned off. I try turning it on but a couple of seconds later it turns itself off.

A few days ago it did detect and supposidly remove a Trojan.

I am running windows 7.

I have used SuperAnti Spyware but this didnt find anything.

I have also used TDSSKiller but this shows nothing.

I have also used Malwarebytes and this found nothing.

I did go through the qurantine items in Mcafee and found a file called consirv.dll, I have since deleted all quarantined items in all programs I use.

Almost forgot that I also used ESAT online scanner as well but this also found nothing.

It does seem as though i have a virus of some sort. I don't really want to be using my computer without a firewall.

Any help would be reallt appreciated.

Kind Regards

Allan

BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:36 AM

Posted 29 March 2012 - 08:34 AM

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.After scan finishes,click on Save log

Post the log results here

#3 amedcalf

amedcalf
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:07:36 AM

Posted 29 March 2012 - 10:57 AM

Hi narenxp

Thanks for replying to me.

here are the results

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-29 16:35:54
-----------------------------
16:35:54.936 OS Version: Windows x64 6.1.7601 Service Pack 1
16:35:54.936 Number of processors: 2 586 0x170A
16:35:54.946 ComputerName: HOME-TOSH UserName: HOME
16:35:55.982 Initialize success
16:36:37.252 AVAST engine defs: 12032900
16:36:41.592 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:36:41.592 Disk 0 Vendor: ST925031 0002 Size: 238475MB BusType: 3
16:36:41.612 Disk 0 MBR read successfully
16:36:41.612 Disk 0 MBR scan
16:36:41.622 Disk 0 Windows 7 default MBR code
16:36:41.642 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 400 MB offset 2048
16:36:41.672 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 119001 MB offset 821248
16:36:41.702 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 119072 MB offset 244535296
16:36:41.762 Disk 0 scanning C:\Windows\system32\drivers
16:37:08.627 Service scanning
16:37:49.575 Modules scanning
16:37:49.585 Disk 0 trace - called modules:
16:37:49.645 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:37:49.985 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80032cb480]
16:37:49.995 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002d2d050]
16:37:52.135 AVAST engine scan C:\Windows
16:37:55.105 AVAST engine scan C:\Windows\system32
16:44:18.328 AVAST engine scan C:\Windows\system32\drivers
16:44:37.163 AVAST engine scan C:\Users\HOME
16:53:31.318 Disk 0 MBR has been saved successfully to "C:\Users\HOME\Desktop\MBR.dat"
16:53:31.328 The log file has been saved successfully to "C:\Users\HOME\Desktop\aswMBR.txt"



Thanks

Allan

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:36 AM

Posted 29 March 2012 - 08:30 PM

I did go through the qurantine items in Mcafee and found a file called consirv.dll, I have since deleted all quarantined items in all programs I use.

You should have seen a file called consrv.dll in quarantine.This a 64 bit zero access rootkit.We need advanced tools to make sure PC is clean before trying to fix firewall

Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users