In the last week, I have had two family members contact me about possible viruses on their machines. The cases involve different machines in different geographic locations. The only similarities are that they are both on BT and both use McAfee Internet Security packages.
What happens:
The users describe to me what sounds like a standard popup from a website — you know, the "X viruses found on your machine its in risk click here to remove etc etc" sort — however, it seems to sit behind the desktop icons on both machines and persists after a reboot of the computer. As soon as the user logs into the machine, it's there, before the user has even opened a browser window. Also in both cases it seems to stop the user from opening McAfee, saying it's corrupt.
I instructed the user to reboot into safe mode and try to run a full scan, which both users did. Both scans came back clean. However, upon booting back into Windows normally — even with the WiFi switched off — it's there again.
Now for the really weird part.
The first user was my mother. I went around two days later to take a look, and it was gone. There was no sign of it, McAfee opened fine, there were no incident reports, there was nothing unusual showing in ms-config startup... nothing at all. She asked me to format the disk and reinstall Windows anyway, which I did, and it's never returned.
Then, today, a third person phoned me with exactly the same problem. Same ISP, same antivirus.
I am kind of stumped. What should I do from here?
Possible duplicate of How can I remove malicious spyware, malware, adware, viruses, trojans or rootkits from my PC? – Burgi – 2019-06-04T08:31:23.877

Incidentally, thanks for the good writeup. And welcome to SuperUser. – None – 2011-03-11T21:37:18.937

Hi and thanks, to the admin who edited.. the title makes me sound like a nab and not someone with a first class honours degree in computing ^^ the different places part :p – Vade – 2011-03-12T01:05:20.360