|
|
Forum Thread: McAfee
You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.
This thread was submitted in the following forum:
Last updated
| Nikilet
| McAfee
|
|
|
by Nikilet on 12th Nov, 2009 05:31
|
Posts: 71
User Since: 15th Jul, 2008
Secunia System Score: N/A
Location: N/A |
I don't have any McAfee products on my system, but when I look under PSI's Patched tab it shows McAfee Virtual Technician Active X Control in the following path:
C:\Windows\Downloaded Program Files\MVT.dll
Awhile back Windows Problem Reports stated some problem was caused by McAfee and I should update it. I didn't have any McAfee products at that time so I just ignored it. Could it be this item and should I remove it?
|
|
|
| Maurice Joyce
| RE: McAfee
|
|
|
by Maurice Joyce on 12th Nov, 2009 09:19
|
Posts: 1,803
User Since: 4th Jan, 2009
Secunia System Score: 100%
Location: Salisbury, UK |
Dump it.
The traditional method to remove ActiveX is:
* * * Windows XP
++++++++++++++++
launch command prompt from accessories in the programs list
type: cd c:\windows\downloaded program files
press enter
type: dir
press enter
find the correct file in the list
type: del <name of correct file without these braces>
press enter
type: exit
press enter
* * * Vista
+++++++++++
Open Start/Search
type "Command Prompt" into the search window
A Command Prompt icon will display
Right click on it
select "Run as administrator"
type: cd c:\windows\downloaded program files
press enter
type: dir
press enter
find the correct file in the list (mine was named as shown)
type: del <name of correct file without these braces>
press enter
type: exit
press enter
--
Maurice
HP Intel Pentium 4
Windows XP Home SP3
IE8 |
|
|
| Nikilet
| RE: McAfee
|
|
|
by Nikilet on 14th Nov, 2009 06:52
|
Posts: 71
User Since: 15th Jul, 2008
Secunia System Score: N/A
Location: N/A |
When I did this I found more items in that command box that look to me like they belong to McAfee. I googled each one and this is what I found:
McContentMgr.dll
McHealthCheck.dll
McLogMgr.dll
McPlugins.dll
McProdMgr.dll
I think from my googling that all these are associated with McAfee Virtual Technician. I know on that last one it said this will run every time you start your computer. Is it safe for me to remove these using that same process you gave me above. |
|
|
| Maurice Joyce
| RE: McAfee
|
|
|
by Maurice Joyce on 14th Nov, 2009 16:33
|
Posts: 1,803
User Since: 4th Jan, 2009
Secunia System Score: 100%
Location: Salisbury, UK |
From this & other posts it is clear U have some dross in the registry.
If I send U EXACT instructions are U confident enough to enter the registry & remove items?
Despite much gloom I read on other posts there is no real danger except for tourists!
--
Maurice
HP Intel Pentium 4
Windows XP Home SP3
IE8 |
|
|
| Nikilet
| RE: McAfee
|
|
|
by Nikilet on 14th Nov, 2009 19:21
|
Posts: 71
User Since: 15th Jul, 2008
Secunia System Score: N/A
Location: N/A |
Yes, I feel I can follow directions to make changes in the registry. |
|
|
| Maurice Joyce
| RE: McAfee
|
|
|
by Maurice Joyce on 14th Nov, 2009 19:24
|
Posts: 1,803
User Since: 4th Jan, 2009
Secunia System Score: 100%
Location: Salisbury, UK |
OK - I have also answered another of your posts.
I have to make a housecall shortly so will post it for you overnight.
As a point of interest do U have CCleaner installed?
--
Maurice
HP Intel Pentium 4
Windows XP Home SP3
IE8 |
|
|
| Nikilet
| RE: McAfee
|
|
|
by Nikilet on 14th Nov, 2009 19:48
|
Posts: 71
User Since: 15th Jul, 2008
Secunia System Score: N/A
Location: N/A |
I used to but took it off because I have paid version of Registry Mechanic which I use pretty regularly to clean registry. Someone wrote somewhere that CCleaner is good to take junk off your computer but to be very careful about using it to clean the registry. But I am willing to install it again if you tell me that it is safe to use. |
|
|
| Maurice Joyce
| RE: McAfee
|
|
|
by Maurice Joyce on 15th Nov, 2009 03:01
|
Posts: 1,803
User Since: 4th Jan, 2009
Secunia System Score: 100%
Location: Salisbury, UK |
CLEARING UP LEFTOVERS FROM AN UNINSTALL USING THE REGISTRY
================================================== ========
Sorry, this post is a bit long but I do not know your skill level so have included all basic details.
A bit of information that U can refer to once in the registry to help with navigation & exposed details.
1. The Registry has exactly the same layout as Windows Explorer but only has one "CABINET" called My Computer - it is in the LEFT pane at the top.
2. The My Computer "Cabinet" has 5 "DRAWERS" starting with HKEY_CLASSES_ROOT & ending with HKEY_CURRENT_CONFIG
For this exercise U should only open & delete, if necessary, from the following "drawers"
a. HKEY_CURRENT_USER
b. HKEY_LOCAL_MACHINE
3. Inside each "Drawer" are FOLDERS directly associated to the "Drawer".
4. Inside each Folder are the "SUB FOLDERS & FILES" with the "nitty gritty" details.
5. The RIGHT pane exposes details of the sub folders & files.
* U may wish to copy (CTRL+C) & paste (CTRL+V) the next bit to Notepad or Word.
* IF U ARE NOT FAMILIAR WITH THE REGISTRY U WILL BE PERFECTLY SAFE IF U JUST FOLLOW THE SCRIPT BELOW. CHANGING OTHER SETTINGS THAT U BELIEVE MAY HELP YOUR CAUSE COULD PROVE TROUBLESOME!
Go to Start>Run>In the box that appears type REGEDIT>click OK.
U are now in the registry and what has previously been explained should be seen. Look in the LEFT pane for the key HKEY_CURRENT_USER>expand the key by clicking on the + sign.
Look for SOFTWARE>expand that key by clicking on the + sign. Can U see McAfee in the long list of programmes exposed?
If U can, RIGHT click on the folder & select delete. When U click on any key it is normal that the "nitty gritty" elements of that folder are exposed in the right hand pane.
Now navigate to key HKEY_LOCAL_MACHINE> find & expand SOFTWARE & repeat the procedure U have just done.
It is worth spending a bit of time with these two keys as there could be other dross in there. JUST BE CAREFUL & ONLY REMOVE PROGRAMMES U ARE ABSOLUTELY SURE ARE NO LONGER USED ON YOUR PC. IF UNSURE ASK BEFORE DELETING.
For example, U mentioned U once had CCleaner installed. Is there an entry called PIRIFORM? If so by clicking the + sign against that name will clearly tell U it is CCleaner.
U may also find Norton - if U do not use any Norton (Symantic) products it is dross.
Just be sure U right click on the folders marked PIRIFORM & NORTON & select delete.
If U have removed extra dross have U cleared it from both HKEY areas exactly the same as searching for McAfee?
If happy,exit the registry by right clicking the red X (top right).
Now run your Registry Mechanic.
Reboot.
Run a full PSI scan.
01:43 15/11/2009
--
Maurice
HP Intel Pentium 4
Windows XP Home SP3
IE8 |
|
|
| Nikilet
| RE: McAfee
|
|
|
by Nikilet on 15th Nov, 2009 20:51
|
Posts: 71
User Since: 15th Jul, 2008
Secunia System Score: N/A
Location: N/A |
I have printed your instructions off but before I begin there is one question I have.
You told me how to remove the one item that Secunia showed for McAfee in it's Patched tab, using the command prompt. Since doing that there are no longer any items in Secunia's Patched tab for McAfee.
It was in that black command box where these other Mc items showed up. Why could one not remove those the same way I removed that first item? |
|
|
| Maurice Joyce
| RE: McAfee
|
|
|
by Maurice Joyce on 15th Nov, 2009 21:07
|
Posts: 1,803
User Since: 4th Jan, 2009
Secunia System Score: 100%
Location: Salisbury, UK |
U can & I would advise U to do that.
If that clears up the security issue (it will) then U have cleared the immediate problem.
U then have the options to go to the registry & have a look as described to seek & eliminate more dross & prevent possible future issues.
On the other hand U can just keep my script & use it as & when - it is perfectly safe.
Up to U - I think we are agreed that the main issue is to get the PC Secunia 100% secure.
--
Maurice
HP Intel Pentium 4
Windows XP Home SP3
IE8 |
|
|
| Nikilet
| RE: McAfee
|
|
|
by Nikilet on 15th Nov, 2009 21:52
|
Posts: 71
User Since: 15th Jul, 2008
Secunia System Score: N/A
Location: N/A |
I did go ahead with the registry instructions. In addition to the McAfee I removed 5 additional keys for programs I was sure I no longer had.
From HKEY_CURRENT_USER I removed 5 keys in addition to McAfee.
They were ESET because I know that's from an online scan I did; Fugazo, a game key; Innovative Solutions (Advanced Installer Pro) which I uninstalled a long time ago; RocketDock and Uniblue.
When I went to HKEY_LOCAL_MACHINE I assumed I would find all those same keys there under Software but I didn't. I found only 2 of the 6 keys which were Eset and Innovative Solutions. Does that sound right?
For programs or games I have installed I use Revo Uninstaller when I get rid of them. When it comes to any Windows components, Adobe, Java I use the Windows Remove Programs. I know these keys I removed are from programs I no longer have but I'm still about half scared to restart.
I guess if I restart and it goes ok I'll report back and if you don't hear from me you know something went wrong. |
|
|
| Nikilet
| RE: McAfee
|
|
|
by Nikilet on 15th Nov, 2009 22:06, last edited on 15th Nov, 2009 22:06
|
Posts: 71
User Since: 15th Jul, 2008
Secunia System Score: N/A
Location: N/A |
Restart went ok, but still wondering if it was right that I didn't find all the keys in both places so would appreciate your comment on that.
Just for the heck of it I decided to run that code you gave me in the command box again and every single one of those Mc items I listed earlier is still there. I'm 99% sure they are all related to that McAfee Virtual Technician, so I give up. Not going to worry about it anymore at this point.
I've been kind of a pest so hope I don't have to bother you for anything for a while! |
|
|
| Maurice Joyce
| RE: McAfee
|
|
|
by Maurice Joyce on 15th Nov, 2009 22:57
|
Posts: 1,803
User Since: 4th Jan, 2009
Secunia System Score: 100%
Location: Salisbury, UK |
Well done U I say. Scared to reboot? That is the fun of IT - U followed the scripts - works every time.
There should be no fear of the registry removing useless software & some of the hype I see is nothing short of scare mongering as U have proved.
What U describe can happen. It just proves the haphazard way vendors (particularly freebies) go about their business of uninstalling their products.
To some extent it also proves Revo is not the greatest tool at removal if used to uninstall the 5 elements U found.
I hope U keep my little script. It is the only way to find software dross. All it requires is confidence to get in the registry.
U are not being a pest. If U want details of a magic tool that WILL move those useless McAfee items let me know & I will gladly give U the instructions.
Just to confirm. PSI is now showing U 100% & U have no vulnerabilities hidden with an ignore rule?
--
Maurice
HP Intel Pentium 4
Windows XP Home SP3
IE8 |
|
|
| Nikilet
| RE: McAfee
|
|
|
by Nikilet on 15th Nov, 2009 23:14, last edited on 15th Nov, 2009 23:14
|
Posts: 71
User Since: 15th Jul, 2008
Secunia System Score: N/A
Location: N/A |
Yes, I'd like details of how to remove this McAfee stuff, however, am I right that it is McAfee stuff? And is it possible for this stuff to be there even tho registry key has been removed?
As to PSI, no it isn't 100% because I still have that one Shockwave 10x item that was discussed in another post. I'll have to find that post because can't remember exactly what Adobe told me. I had two items for this Shockwave 10x and now I only have one. Let me check out previous post and then I'll get back to you on that. |
|
|
| Nikilet
| RE: McAfee
|
|
|
by Nikilet on 15th Nov, 2009 23:31
|
Posts: 71
User Since: 15th Jul, 2008
Secunia System Score: N/A
Location: N/A |
These are the 2 items psi showed as insecure
C:\Windows\System32\Macromed\Shockwave 10\SwOnce.dll
C:\Windows\System32\Macromed\Shockwave 10\SwInit.exe
This is what Adobe said about them:
There is no threat from 10.4.1.26 and it is indeed a backward compatibilty player for pre-Unicode content. Tell whatever to ignore it - it's still in active development and 10.4.1.27 is on the verge of release
One of the items has disappeared from psi insecure, the SwInit.exe
The other, SwOnce.dll still remains so my psi doesn't show 100% secure. Since Adobe said not to worry about it I haven't created an ignore rule as I was to be kept aware. Your thots on this are appreciated. |
|
|
| Maurice Joyce
| RE: McAfee
|
|
|
by Maurice Joyce on 15th Nov, 2009 23:44, last edited on 15th Nov, 2009 23:44
|
Posts: 1,803
User Since: 4th Jan, 2009
Secunia System Score: 100%
Location: Salisbury, UK |
Looks like U have got it 100% in order.
I can confirm the stubborn files U have found are indeed McAfee. The details & keys are here:
ActiveX :{8701CF0B-02DB-4E45-9F19-742443552812}=c:\windows \downloaded program files\mccontentmgr.dll=[DLL and OCX = McContentMgr.dll]
ActiveX :{053F388B-1884-48EF-A46F-0377380612A5}=c:\windows \downloaded program files\mchealthcheck.dll=[DLL and OCX = McHealthCheck.dll]
ActiveX :{2F51F70F-3293-4CFC-A7E6-9827448CE550}=c:\windows \downloaded program files\mclogmgr.dll=[DLL and OCX = McLogMgr.dll]
ActiveX :{3E425DA9-C276-48BB-96B3-BB6A35DB0AF7}=c:\windows \downloaded program files\mcplugins.dll=[DLL and OCX = McPlugins.dll]
ActiveX :{51F630AF-4687-498F-94AD-A1DBADE71FDA}=c:\windows \downloaded program files\mcprodmgr.dll=[DLL and OCX = McProdMgr.dll]
ActiveX :{281C41D0-1E0D-4DCD-A4DE-74BB3DFBC46E}=c:\windows \downloaded program files\mvt.dll=[DLL and OCX = MVT.dll]
U should really remove them using the same method as the original troublesome McAfee file. My investigation revealed they can be troublesome if the actual programme is not in use.
Edit: Reboot before U recheck all the items are history.
--
Maurice
HP Intel Pentium 4
Windows XP Home SP3
IE8 |
|
|
| Nikilet
| RE: McAfee
|
|
|
by Nikilet on 16th Nov, 2009 00:54
|
Posts: 71
User Since: 15th Jul, 2008
Secunia System Score: N/A
Location: N/A |
Success! I removed them, rebooted and then opened cmd to check and they are all gone. It has been so wonderful to get real, honest help -- and help given with patience rather than an attitude of making one feel even dumber than ever.
McAfee came preinstalled on my computer and I removed it. I even used McAfee's removal tool and it apparently didn't remove these things.
You don't by chance help out on any other forums do you? |
|
|
| Maurice Joyce
| RE: McAfee
|
|
|
by Maurice Joyce on 16th Nov, 2009 10:59
|
Posts: 1,803
User Since: 4th Jan, 2009
Secunia System Score: 100%
Location: Salisbury, UK |
Nice to see someone else is safe & sound.
As I said the only real way to clear your PC is to be confident with the registry from the script U now have. Add/remove,removal tools & programmes like Revo are not a complete answer despite the hype.
I am not active on any other Forum. I only try to help on this Forum because I believe Secunia have produced the best security tool available for all levels of IT expertise.
Some just need a little help after running a scan.
U might like to look at this thread & my post to Fred.
http://secunia.com/community/forum/thread/show/305...
If interested just let me know.
--
Maurice
HP Intel Pentium 4
Windows XP Home SP3
IE8 |
|
|
| Nikilet
| RE: McAfee
|
|
|
by Nikilet on 16th Nov, 2009 21:07
|
Posts: 71
User Since: 15th Jul, 2008
Secunia System Score: N/A
Location: N/A |
I assume by that thread you posted for me you meant do I want a print out of all your fixes? Is that it? If so, I suppose that wouldn't be a bad idea although I might still have to come here for help with using them.
As to creating an ignore rule for Drive D, I have already done that. I think you suggested that to me in an earlier post. |
|
|
|
