Attacked by a McAfee imposter!

Do the "One Time Scan", here: Free Virus Scan | Online Virus Scan from ESET | ESET

Try Malwarebytes (free) also: https://www.malwarebytes.com/


I would also use Revo Uninstaller to see if there is anything related to McAfee, if nothing shows on any of it's lists, try the Hunter Mode. It places a target on your desktop, which you drag and drop on anything that pops up claiming to be McAfee.

Download Revo Uninstaller Freeware - Free and Full Download

When I was a child viruses were easy to remove from windows. It would have taken the following methods.

• Running a virus scan using the antivirus software to scan the entire hard drive so every file is scanned
• Closing the virus in task manager
• Disabling or deleting a service (using msconfig, computer management or services.msc)
• Detecting if a windows file that is currently running has had a virus injected into it, so windows is tricked into thinking it's a microsoft file (This doesn't work any more since Windows Vista)
• Tricking the user to install a faulty driver (this doesn't work any more since Windows Vista as all drivers have to be digitally signed and verified by Microsoft WHQL)
• Checking what software runs at startup using Autoruns by Sysinternals
• Run Ad-Aware. Unlike most antivirus software, Ad-Aware is specifically designed to detect viruses in computers that are already infected, so their heuristics for scanning is more sophisticated, compared to how the rest just scan every file before it runs.
• Tricking the user to install an Internet Explorer Toolbar that's a virus
• Injecting the entire virus into the RAM or memory so it doesn't appear to be running from the hard drive (This doesn't work any more since Windows 10)

Nowadays viruses are more sophisticated in how they evade detection from the user. There's a thing called a rootkit which is a virus that doesn't appear on task manager and isn't detected using a virus scan. So I suggest you do the following

• Checking what software runs at startup using Autoruns by Sysinternals
• Viruses tend to monitor the websites you visit. Also viruses tend to corrupt the wifi driver making it faulty and behave strangely. Go to Device Manager and uninstall your wifi driver and make sure that the checkbox to delete the driver is NOT ticked. Then restart your computer. The wifi driver should install automatically. If it doesn't then that's indicative of a problem.
• Run Hijackthis
• Run Malwarebytes Anti-Rootkit (this is different to malwarebytes antivirus)
• Run Kapersky TDS Killer
• Run GMER. GMER tends to show processes that do not display a process ID so it's blank. This is not indicative of a virus. You can use Process Explorer to look up the unknown processes to see if they should be there.
  

pwabrahams said:

I'm writing this post from Kubuntu Linux, not Windows Ten, because my Windows Ten installation has been attacked by a monster in the form of a McAfee imposter. McAfee doesn't appear in the list of apps, so I can't kill it in the usual way by just deleting it from the Apps list. It beeps at me every 30 seconds or so, imploring me to enroll (and send them my credit card information) and warning me that my machine has been attacked by viruses. It flashes some variant of that message each time it beeps and won't take no for an answer. If I attempt to remove it in one of the usual ways, the next set of beeps is longer and louder. I've never used McAfee Antivirus, but I'm sure it doesn't behave that way.

So how can I get rid of it? My first thought is to run a different antivirus program such as AVG,but don't how effective that would be. My second thought is to remove it from the list of running processes, assuming (a) that I can identify it and (b) that removing it from the process list is necessary and sufficient.

Advice is welcome.

It sounds like an issue with the push notifications feature in Chromium based browsers (which includes MS Edge). Please see if the instructions in this Malwarebytes Labs article help or not.

desbest said:

... There's a thing called a rootkit which is a virus that doesn't appear on task manager and isn't detected using a virus scan. ...

This built-in facility can cope with rootkits
Windows Defender Offline Scan - TenForumsTutorials

Denis

pwabrahams said:

Malwarebytes has done the job for me ...

What did it say the problem was?

Denis