McAfee Trojan Redirect Issue
Some McAfee customers are redirected to a non-McAfee website or receive an error or blank page when attempting to download or update McAfee software
Summary: on 12/27/07, McAfee learned that a new variant of the DNSChanger Trojan has been released and is infecting computers. This Trojan, which has yet to be named, is affecting a number of security and Internet companies, including McAfee. McAfee has already identified a solution.
Description:
- If your system is infected with this Trojan, you may find that your Web browser and other applications which use the Internet are unable to access the intended site, and are instead redirected to unwanted websites or receive a page cannot be displayed error. These errors occur when you attempt to update or install McAfee consumer products or access McAfee websites. The affected McAfee consumer products include McAfee Total Protection, McAfee Internet Security Suite, and McAfee VirusScan Plus.
- If you are a new customer and are trying to install McAfee software, the unwanted site may be displayed within the McAfee Download Manager window.
- Existing customers may find that product updates fail, and will be unable to receive the latest Virus Definition (DAT) files.
If you are unsure if you are infected, please follow the steps below to verify:
- Click on Start, Run, and type cmd.exe.
- In the command prompt window, type:
ipconfig /all
- If your DNS Servers address displays 85.255.116.189 or 85.255.113.44 your computer has been infected and you should continue to the steps below.
If your DNS Servers do not display 85.255.116.189 or 85.255.113.44, then your computer has not been affected by this Trojan, and you do not need to continue.
Windows Vista computers:
- Click Start, Search, type cmd.exe, and press ENTER.
- In the Search Results window, right-click cmd.exe and select Run As Administrator.
- In the command prompt window, type:
ipconfig /all
- Press ENTER.
- If your DNS Servers address displays 85.255.116.189 or 85.255.113.44 your computer has been infected and you should continue to the steps below.
If your DNS Servers do not display 85.255.116.189 or 85.255.113.44, then your computer has not been affected by this Trojan, and you do not need to continue.
Solution:
IMPORTANT: You must follow all of the steps below to receive the DAT update which will clean this infection upon the execution of a scan.
Step 1 - Clear the IP Stack
- Click Start, Run, type cmd, and press ENTER.
- In the command prompt window, type:
- netsh int ip reset reset.log
- Press ENTER.
- Close the command prompt window.
For Windows Vista computers:
- Click Start, Search, type cmd.exe, and press ENTER.
- In the Search Results window, right-click cmd.exe and select Run As Administrator.
- In the command prompt window, type:
- netsh int ip reset reset.log
- Press ENTER.
- Close the command prompt window.
If you are unable to access the Internet or update your McAfee products after performing these steps, see Manually clearing the IP Stack under Additional Information.
Step 2 - Update and scan your system
- Right-click the M icon in your taskbar.
- Select Updates.
- After the update completes, right-click the M icon in your taskbar and select Scan.
Your McAfee consumer product will detect and remove the Trojan.
Source: McAfee FAQs DocumentID: 307223