McAfee question....please?

Hello..I've not been here before...
I recently started getting alerts from Windows that I had a virus, worm, etc.
I downloaded an old (10 years) McAfee program, and was able to link to it to purchase upgrade.
Prior to this, a guy at Radio Shack said I had something (I brought in the name of the warning...trojan, worm, whatever it is) and he said it was too late to purchase anything to remove the problem.....He said my hard drive was going, and he could fix it. Since I now have McAfee, can't click on any hyperlinks in emails. Can't click on hyperlinks embedded here, even the spell checker and smileys here won't work. I can't get help on the McAfee site as the links won't work.

Does anyone understand what my problem is, and how to fix it? I don't know what settings to go to...
Also, noted that more than one firewall was not okay, so disabled the Windows one as I have the McAfee firewall...

Thank you in advance, and I apologize for my spelling....

peace~

support McAfee. No one who gives advice likes it. I would question the Radio Shack guy's information, and see if someone here can't help you with whatever infection you have.

If McAfee is blocking your links, you will need to disable it or uninstall it if necessary.
If you uninstall, use the Advanced option in Revo Uninstaller > http://www.revouninstaller.com/

Download Malwarebytes > http://www.malwarebytes.org/ > run the update within MB and do a complete scan.

Did you have any anti-virus on the machine before "Windows" started reporting a virus? In what way did "Windows" report this problem? A pop-up? Via a Microsoft scan? How?

Use the free version of both programs.

Unfortunately, I can't answer half of your questions as I don't understand...
All I know is that my computer crashed down, and had to be restarted a couple of times on a certain site.
That's when I got a Windows, or perhaps Microsoft 'alert' with a pop-up.....I don't know the difference between the two, or if they're one and the same. I was alerted that I had a trojan, worm, etc.

I should have found this prior to posting:
This is what I presented to the Radio Shack computer repair person who has his own business:
Net-worm.Win32.Bozori.a
Hard to read my scribbles now...but it was one of many alerts.

When I tried to download, per instructions the programs from either of the above alerts, I clicked to see if it was a trusted, site, and got 'unknown'.....I don't recall if I ever tried to download. Prior to purchasing the McAfee, I could not log on to any site without a warning page...now it's just the links that won't work.

I will, for now, take you advice and try the links that you provided.

Thank you so much for your help...I will return to let you know what transpires....
My heartfelt appreciation....

peace~

http://www.viruslist.com/en/viruses/encyclopedia?virusid=91125

I hope you see this right away. You may need more than I've given you.

Follow these instructions:

Try this first:
Hit Ctrl+Alt+Delete and open the task manager.
Stop all processes with a bunch of numbers in them.
Go to Start>Computer>C: drive>Program Files>Temp files, and delete them all.
Empty the recycle bin.
Then go to Start>Run>type %temp% and delete all of those.
Empty the recycle bin again.
Then restart the computer, tap the F8 key while it is booting up, then choose "Safe mode with networking".
Download Malwarebytes from here:
http://malwarebytes.org /
When it asks you where you would like to save it, change the "mbam_setup.exe" file to xxxxx.exe.
Then install it, update it, and run a full scan. Get the free version.

Now download SpyBot Search and Destroy from here:
http://www.safer-networking.org/index2.h… ;
Update, Immunize, then scan & Fix.

http://www.democraticunderground.com/discuss/duboard.php?az=view_all&address=242x26618

Since you installed McAfee while infected, I don't know if it installed correctly. You should uninstall it (with Revo) and after the above instructions, reinstall it while in Safe Mode. With the additional information you've given, I can safely say, the Radio Shack guy doesn't know what he's talking about.

Are you running XP?

Running XP, and used the first link...Now link will not work when I click download from the malware site...
Still must copy/paste links...will continue.
Thank you!
I hope that I didn't uninstall too quickly...I have no idea what I'm doing...
peace~

to help as I can. There are usually more techies around.

ps. After the machine is clean, you will want to change all your passwords.

Starting now...
I'm very slow, but wrote out all of your instructions....

peace~

It copies itself to the following location:
• %SYSDIR%\wintbp.exe


Do you know how to edit the reigstry?

The following registry key is added in order to run the process after reboot:

– HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
• Wintbp" = "%SYSDIR%\wintbp.exe"

When you check back, let me know, did you uninstall McAfee? What SP does your XP have?
Do you have any other computers?

http://www.avira.com/en/threats/section/fulldetails/id_vir/1076/worm_zotob.e.html

The scans will take awhile.

Yes, scans took a while...I stared at the screen for well over an hour and wondered why...
McAfee did not go away...and I don't know what SP my XP has as I don't know what SP means...
By now, you've realized who and what you're dealing with...
Thank you for being an angel...I wouldn't want to try to explain something to me : )

I still can't clink on links...
When I start the computer I get this:
Launch~1.EXE unable to locate....sigh.
I found it sitting there somewhere...Why can I locate it but the computer can't?
I'm almost out of my mind...

Wanted to thank you before sleep....

Perhaps I can think more clearly in the a.m. and retry...
Sweet dreams...

peace~

earlier than I do. There are good people here.

You can find you SP (service pack) by looking at Start > Control Panel > Add or Remove Programs > Windows XP (SP#).

Start in Safe Mode as above (tap F8 key while it is booting) and select START IN SAFE MODE
According to the directions I found, you are going to have to edit your registry. It is simple.

– HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
• Wintbp" = "%SYSDIR%\wintbp.exe"

Start > Run > (type in) regedit > OK
Backup:
Click File > Export
Windows will open a SAVE window. Name it and save it to your desktop.


Next > Follow the path given in the registry key (expand with +)
HKEY_CLASSES_ROOT > SOFTWARE > Microsoft > Windows > CurrentVersion > Run
After you click on run, see if you have an entry for "%SYSDIR%wintbp.exe"
If so, delete it.
Follow that procedure for each HKEY in the list, deleting only any entry that matches that file name.

When you ran Malwarebytes, did it delete stuff?
The file it is looking for maybe related to the worm that Malwarebytes removed.
When you say "McAfee" did not go away .. did you TRY to uninstall it? The procedure for the worm was just for removal of the worm, not McAfee. Revo should be used for that.

It would be helpful if you can remember and list the steps you've taken so far.
You're doing fine.

Firstly, I just now clicked your first link for the Bozori.a and found what it is in the computer:

>Once launched, the worm copies itself to the Windows system directory as “wintbp.exe”<

I searched, and no such file found. I followed your instructions, most likely randomly...I still have McAfee, but downloaded the malware program.

I can now use links, had it repaired, and am so relieved.
I'm going to assume all is well. Malwarebytes deleted 26 'things' from the computer.

Thank you for your help....:hug: Smileys are back!
I can now check spelling:D

But this is really weird. When I spell check, after the word Bozori.a, the following word is inserted:
>Cwintbp y<
I did not type it....It does not appear in the preview.



peace~

but .. "wintbp y" may be another worm. Sometime very soon, make sure McAfee is updated, and run it in Safe Mode. Also search to see if you have a file by that name. Let McAfee fix it if it will do so. AND change your passwords.

Does this also mean that you fixed the registry?

:thumbsup:

This time for wintbp y, and nothing came up.
I don't know if I fixed it, but did something to the registry:blush:
I will run McAfee again....I'm exhausted. Will also change passwords...
Typed Bozori.a in this post, and spell check did not insert the other word...very strange.

Thank you so very much for hanging in there with me....
peace~

People generally know more than they think they do.

You are awesome! :yourock: