McAfee alert

  • Thread starter Thread starter Me
  • Start date Start date
M

Me

greetings

Having just updated Spybot and started a search, in the midst of that,
McAfee cut in and gave a Bugbear alert related to a file fgxdorj.dll .

This was in System32 and System Volume Info.

I've done a google search on that file but can't find a thing.

Now, I have Win XP Pro fully updated, McAfee 7 fully updated, Zone Alarm
fully updated, Mailwasher fully updated, Spywareblaster fully updated,
Adaware fully updated, and Spybot that I had just updated.

So how did this get in? What is that file?

I do not open attachments.

BUT my daughter is home from uni????

Cheers
 
greetings

Having just updated Spybot and started a search, in the midst of that,
McAfee cut in and gave a Bugbear alert related to a file fgxdorj.dll .

This was in System32 and System Volume Info.

I've done a google search on that file but can't find a thing.

Now, I have Win XP Pro fully updated, McAfee 7 fully updated, Zone Alarm
fully updated, Mailwasher fully updated, Spywareblaster fully updated,
Adaware fully updated, and Spybot that I had just updated.

So how did this get in? What is that file?

I do not open attachments.

BUT my daughter is home from uni????

Cheers
Click to expand...
Try this link
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

Taff..........



www.sounds-pa.com | www.thecomputerworkshop.com
 
Please read the following McAfee URLs
http://vil.nai.com/vil/content/v_99728.htm
http://vil.nai.com/vil/content/v_100358.htm

Download McAfee's Internet worm removal tool Stinger, http://vil.nai.com/vil/stinger/

1) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
2) Please reboot your PC into Safe Mode
3) Perform a Full Scan of your platform using Stinger clean/delete any infectors found
4) Restart your PC and perform a "final" Full Scan of your platform using Stinger
5) Re-enable System Restore, reboot the PC
6) Create a new Restore point
7) Please report back your results


Dave





| greetings
|
| Having just updated Spybot and started a search, in the midst of that,
| McAfee cut in and gave a Bugbear alert related to a file fgxdorj.dll .
|
| This was in System32 and System Volume Info.
|
| I've done a google search on that file but can't find a thing.
|
| Now, I have Win XP Pro fully updated, McAfee 7 fully updated, Zone Alarm
| fully updated, Mailwasher fully updated, Spywareblaster fully updated,
| Adaware fully updated, and Spybot that I had just updated.
|
| So how did this get in? What is that file?
|
| I do not open attachments.
|
| BUT my daughter is home from uni????
|
| Cheers
|
|
 
Thanks for the response David

I've gone through the process that you suggested using Stinger, and it
detected nothing.

But when I got the first alert from McAfee (which told me it had found
Bugbear in fgxdorj.dll) I used Mcafee to quarantine that file, and went
through the process of disabling System Restore, rebooting, doing a full
scan with McAfee, re-enabling, and rebooting.

So I guess McAfee did what it was supposed to?

The process does raise some further questions though, if you don't mind.

First - does Stinger find/deal with nasties that the full, updated McAfee
doesn't?

Second - could you please explain why in your suggested process you advise
doing a second scan with stinger - having already done a scan in Safe mode?

Third - when McAfee quarantines a file, what does it do to it? I can see
that it changes the filename by adding _.MCQ at the end, but out of interest
I copied that file to elsewhere, removed the extra bit from the filename,
and had McAfee scan that file, and it found nothing. I expected it to find
the Bugbear that had caused the intial problem. Did McAfee kill Bugbear when
it quarantined it?

Regards
 
Answers inline...
| Thanks for the response David
|
| I've gone through the process that you suggested using Stinger, and it
| detected nothing.
|
| But when I got the first alert from McAfee (which told me it had found
| Bugbear in fgxdorj.dll) I used Mcafee to quarantine that file, and went
| through the process of disabling System Restore, rebooting, doing a full
| scan with McAfee, re-enabling, and rebooting.
|
| So I guess McAfee did what it was supposed to?
|
| The process does raise some further questions though, if you don't mind.
|
| First - does Stinger find/deal with nasties that the full, updated McAfee
| doesn't?


Stinger is a worm removal tool and only is targeted on 33 Internet worms and their variants.


|
| Second - could you please explain why in your suggested process you advise
| doing a second scan with stinger - having already done a scan in Safe mode?


Just to make sure. !


| Third - when McAfee quarantines a file, what does it do to it? I can see
| that it changes the filename by adding _.MCQ at the end, but out of interest
| I copied that file to elsewhere, removed the extra bit from the filename,
| and had McAfee scan that file, and it found nothing. I expected it to find
| the Bugbear that had caused the intial problem. Did McAfee kill Bugbear when
| it quarantined it?


I don't quarantine, I have the AV product always CLEAN or DELETE.

Dave
 
Bugbear and other viruses do make up random file names thus the fact that a
search comes up with no matches.

I would remove the virus and scan with an online scanner such as panda or
housecall.
 
Back
Top