"\Device\mfeavfk01.sys" - clean or infected rootkit?

Discussion in 'Security and Viruses' started by dredge, Mar 14, 2010.

  1. leofelix
    Offline

    leofelix Distinguished Member

    Joined:
    Dec 27, 2008
    Messages:
    5,812
    Trophy Points:
    266
    Ratings:
    +0 / 0 / -0
    @ dredge: do you have a Linux kernel installed on C:\ maybe?
    If not, please scan drive C:\ (and every external device, like USB flash memories, that you use).

    However, I'm starting to think that's a false positive. As hellnoire said: never run two antiviruses at once on the same PC.
  3. hellnoire
    Offline

    hellnoire *nix Technical Support

    Joined:
    Jan 24, 2009
    Messages:
    8,925
    Trophy Points:
    266
    Ratings:
    +0 / 0 / -0
    Leo, I don't think we need to worry about that until he's finished uninstalling McAfee. It might be an idea, but I can't see him having the problems anymore due to removal of the second AV.
  4. leofelix
  5. grr
    Offline

    grr Prominent Member

    Joined:
    Jan 12, 2010
    Messages:
    2,760
    Trophy Points:
    168
    Ratings:
    +3 / 0 / -0
    In case the file is not found, it might have been quarantined by AVG...

    Another best way to have 2 antiviruses still running, as against good practice, is to always disable one while scanning with the second... :D
  6. hellnoire
    No, I have to disagree.

    Good practice is to have one AV and one AV alone. If you need more protection, layer it with an anti-malware such as MBAM or Super Anti-Spyware.
  7. grr
    I agree, hellnoire, but some of us would go for 2 (a few years back I also used to have 2 of them) :D
  8. leofelix
    Even if AVG were able to quarantine a hidden file detected as a rootkit which is likely to belong to McAfee, McAfee itself would stop working.

    More: there are several standalone free removal utilities like Stinger, Kaspersky Removal Tool (updated daily), Norman Malware Cleaner, Dr.Web CureIt!. I can't see why one should install a second resident antivirus ;)

    If people want to have a second opinion, they may upload most files to VirusTotal or Jotti Malware Scan before installing them.
    Last edited: Mar 15, 2010
  9. dredge
    Offline

    dredge Active Member

    Joined:
    Oct 25, 2009
    Messages:
    223
    Trophy Points:
    26
    Ratings:
    +0 / 0 / -0
    I uninstalled McAfee and ran MCPR to remove all the files left by McAfee. However, when I scanned again with AVG after a restart, the rootkit scan still came out with the same thing. However, this time I got the file from the drivers folder and managed to delete it using Unlocker. From the removal steps that I used on McAfee, I don't think the file belongs to McAfee, as it was still running even after I did a full removal using the MCPR tool. But nevertheless, uninstalling McAfee revealed the hidden file. Thanks, leofelix, your guide is very, very helpful. Thanks to hellnoire too for his suggestion to remove McAfee. Actually, I just tested installing AVG on my sister's computer, but with all the resident shields disabled. I am now uninstalling AVG to install McAfee back. Thanks to all. If anyone has an idea of what the file is or where the file originated, do inform us here, please.
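
Added example, not part of the original thread: one way to look into the question in the post above (what the flagged file is and where it came from) before deleting it, using built-in PowerShell cmdlets. The full path is an assumption: the standard Windows drivers folder plus the file name from the thread title.

```powershell
# Added example: triage a driver file flagged by a rootkit scan.
# Assumption: the file sits in the standard Windows drivers folder.
param(
    [string]$DriverPath = "$env:SystemRoot\System32\drivers\mfeavfk01.sys"
)

$leaf = Split-Path -Leaf $DriverPath

# 1. Is a kernel driver service registered that points at this file name?
#    The service name and display name usually identify the owning product.
$services = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -and $_.PathName -like "*$leaf" }
if ($services) {
    $services | Select-Object Name, DisplayName, State, StartMode, PathName | Format-List
} else {
    "No registered driver service references $leaf"
}

# 2. Can user mode see the file at all? A scanner reporting it as hidden
#    means a normal directory listing may not show it.
if (-not (Test-Path -LiteralPath $DriverPath)) {
    "File not visible at $DriverPath"
    if ($services) {
        "A driver service still references it: hidden or already removed."
    }
    return
}
$file = Get-Item -LiteralPath $DriverPath -Force

# 3. Version resource embedded in the binary. Anyone can set these
#    strings, so treat them as a hint, not as proof of origin.
$file.VersionInfo |
    Select-Object CompanyName, FileDescription, OriginalFilename, FileVersion |
    Format-List

# 4. Authenticode signature: a Valid status with the vendor as signer is
#    the strongest local evidence that the driver is the vendor's own.
$sig = Get-AuthenticodeSignature -LiteralPath $DriverPath
[pscustomobject]@{
    Status = $sig.Status
    Signer = $sig.SignerCertificate.Subject   # empty when unsigned
} | Format-List

# 5. SHA-256 of the file, for a hash lookup on a multi-engine scanning
#    service instead of relying on a second resident antivirus.
(Get-FileHash -LiteralPath $DriverPath -Algorithm SHA256).Hash
```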
  10. hellnoire
    I'm still thinking it was McAfee conflicting with AVG, but that's me... stubborn @r$3 :lol:
  11. leofelix
    @ dredge: please download HitMan Pro 3.5 (32-bit edition if you use a 32-bit OS, 64-bit edition if you use a 64-bit Windows):
    It is a powerful cloud-based antimalware (a fully working 30-day trial) which includes several antivirus and antimalware engines.
    Do activate HitMan Pro, then scan your system.
    Do not worry, it won't interfere with AVG or with McAfee, and it is able to detect and remove most of the dangerous rootkits and many other types of malware.

    In regards to the infection, you could have caught it by surfing a webpage with infected scripts, or you could have come across a rogue, or even by plugging in an infected USB flash drive.

    Please keep your system always up to date: make sure you have the latest Sun Java JRE, Adobe Reader and Adobe Flash Player, and last but not least, your main browser must always be the latest version.
    In this way you'll avoid many types of infections.

    For future reference, please refer to: http://forum.raymond.cc/spyware-viruses/18699-helpful-tips-for-a-safe-and-stable-system.html
    Last edited: Mar 16, 2010