MVP Jubo Security Blog

The Blog

Recent Posts

Tags

News

  • Kim's Journal
    My wife's blog, the "alternative" truth...


    MVPs
    2003 - 2004 - 2005 - 2006 - 2007 - 2008 - 2009


    Jubo





    Locations of visitors to this page

Community

Email Notifications

MVP Sites

Microsoft Links

Blogs

Security Forums

Microsoft Blogs

Archives

December 2007 - Posts

McAfee Trojan Redirect Issue

Some McAfee customers are redirected to a non-McAfee website or receive an error or blank page when attempting to download or update McAfee software

Summary: on 12/27/07, McAfee learned that a new variant of the DNSChanger Trojan has been released and is infecting computers. This Trojan, which has yet to be named, is affecting a number of security and Internet companies, including McAfee. McAfee has already identified a solution.

Description:

  • If your system is infected with this Trojan, you may find that your Web browser and other applications which use the Internet are unable to access the intended site, and are instead redirected to unwanted websites or receive a page cannot be displayed error. These errors occur when you attempt to update or install McAfee consumer products or access McAfee websites. The affected McAfee consumer products include McAfee Total Protection, McAfee Internet Security Suite, and McAfee VirusScan Plus.
  • If you are a new customer and are trying to install McAfee software, the unwanted site may be displayed within the McAfee Download Manager window.
  • Existing customers may find that product updates fail, and will be unable to receive the latest Virus Definition (DAT) files.

If you are unsure if you are infected, please follow the steps below to verify:

  1. Click on Start, Run, and type cmd.exe.
  2. In the command prompt window, type:

    ipconfig /all

  3. If your DNS Servers address displays 85.255.116.189 or 85.255.113.44 your computer has been infected and you should continue to the steps below.

If your DNS Servers do not display 85.255.116.189 or 85.255.113.44, then your computer has not been affected by this Trojan, and you do not need to continue.

 

Windows Vista computers:

  1. Click Start, Search, type cmd.exe, and press ENTER.
  2. In the Search Results window, right-click cmd.exe and select Run As Administrator.
  3. In the command prompt window, type:

    ipconfig /all

  4. Press ENTER.
  5. If your DNS Servers address displays 85.255.116.189 or 85.255.113.44 your computer has been infected and you should continue to the steps below.

    If your DNS Servers do not display 85.255.116.189 or 85.255.113.44, then your computer has not been affected by this Trojan, and you do not need to continue.

     

    Solution:

    IMPORTANT: You must follow all of the steps below to receive the DAT update which will clean this infection upon the execution of a scan.

    Step 1 - Clear the IP Stack

    1. Click Start, Run, type cmd, and press ENTER.
    2. In the command prompt window, type:
    3. netsh int ip reset reset.log
    4. Press ENTER.
    5. Close the command prompt window.

    For Windows Vista computers:

    1. Click Start, Search, type cmd.exe, and press ENTER.
    2. In the Search Results window, right-click cmd.exe and select Run As Administrator.
    3. In the command prompt window, type:
    4. netsh int ip reset reset.log
    5. Press ENTER.
    6. Close the command prompt window.

    If you are unable to access the Internet or update your McAfee products after performing these steps, see Manually clearing the IP Stack under Additional Information.

     

    Step 2 - Update and scan your system

    1. Right-click the M icon in your taskbar.
    2. Select Updates.
    3. After the update completes, right-click the M icon in your taskbar and select Scan.

    Your McAfee consumer product will detect and remove the Trojan.

     

    Source: McAfee FAQs DocumentID: 307223

    Posted: Fri, Dec 28 2007 10:37 by jubo | with no comments
    Filed under:
    Remembering Judi/Tigg

    Yesterday I received an email telling that Judi, aka "Tigg" passed away at 10:30AM EDT. Judi was a wonderful person, a very good moderator at the McAfee Support Forums, always trying to help the McAfee customers and the McAfee technicians. And sometimes, when we, the moderators, needed it, give us a smack on our heads.

    Judi, you'll always be missed. Rest well in heaven...

    Posted: Fri, Dec 28 2007 8:26 by jubo | with no comments
    Filed under: ,
    Kim and I got married!!

    On November 17, 2007, Kim and I got married in Sumner, WA., USA. It was a wonderful day! Thanks to all the family and friends. My sister was the only one from Holland and was a bridesmaid. Here's an unofficial photo of Kim and me:

    After the wedding we had some time off but after Thanksgiving we needed to pack a lot of things for our trip back to Holland.

    With the maximum amount of suitcases we eventually arrived at Sea-Tac airport and were on our way to Amsterdam with a layover in Detroit. The flight to Detroit Metro Airport went fast and the plane arrived 50 minutes earlier than scheduled. That gave us some time to have a quick snack at McDonalds before boarding the plane to Amsterdam.

    The plane in Detroit had to wait to take off because otherwise it would arrive too early at Schiphol, Amsterdam, and some people would not be awake then... ;)

    The flight was uneventful until the last 15 minutes. Because of the strong wind the plane made some strange movements and some people were looking green, including Kim, when the plane finally touched down at Schiphol.

    Now we have to try to get a resident permit for Kim to stay in Holland. Back to work and showing Kim a few things of Holland too. Yesterday we went to Amsterdam and visited the Anne Frank House in Amsterdam. Many things to do at home and lots more things to see and visit in the future. For now... back to work...

    See also: Microsoft MVP (again!) and I feel great! Let's get married...

     

    Posted: Mon, Dec 17 2007 3:12 by jubo | with 2 comment(s)
    Filed under: