Which McAfee VSE 7 processes to disable for TDS-3 full scan

Discussion in 'Trojan Defence Suite' started by kwesi, Jul 23, 2004.

Thread Status:
Not open for further replies.
  1. kwesi

    kwesi Registered Member

    Joined:
    May 18, 2004
    Posts:
    82
    Location:
    London
    Hello. I've discovered by reading some very informative posts here, that it is best to disable your AV's on-access scanner, while running a full TDS-3 Scan.

    In relation to McAfee Virus Scan Enterprise 7, does anyone know whether it would be wise to terminate any additional processes, after disabling the on-access scanner, and how I might do this safely, please?

    Thanks very much.
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi kwesi, Not sure about McAfee but I expect a TDS / McAfee user will respond. :)
     
  3. kwesi

    kwesi Registered Member

    Joined:
    May 18, 2004
    Posts:
    82
    Location:
    London
    Thanks, Pilli. I'll probably try my next TDS-3 scan with just the on-access scanner disabled. Funnily enough, and this is just musing now, without necessarily expecting any replies to this, :) but:

    I ran a virus scan with Mcafee VSE 7.1, and found about three locked files, which the log tagged under: " Unable to scan C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui as it is encrypted or password protected," whereas the messages I saw when the scan was running were along the lines of "Unable to scan .....$uninstall/kbXXXX$ as.." I ran Spybot SD1.3 afterwards & it found "C2.lop", which it has fixed - threads which I read upon googling C2.lop, mentioned the presence of false "uninsta11" (sic) files.

    Now, as a program called 'Startup Mechanic," which I generally trust, has labelled McAfee's "UpdaterUI.exe" as harmful, & "eUniverse KeenValue parasite related," I'm putting 2 and 2 together, & making a Paranoid Million. I tried to disable UpdaterUI through Startup Mechanic, but no dice. I think that as the "Framework service.exe" is running, so will UpdaterUI.

    Well, as I say - just musing idly, but if anyone has any thoughts on any of this, between here and eternity, please feel free to chip in. Gracias.
     
  4. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi kwesi, By all means do a full scan with TDS3 ans NcAfee closed down, can I also suggest that you download the trial version of Spy Sweeper http://www.webroot.com and the free version of AdAware www.lavasoft.de and run there full scans. This will ensure that C2.lop is gone completely.
    You may be able to delete UpdaterUI.exe" from Safe mode.

    HTH Pilli
     
  5. kwesi

    kwesi Registered Member

    Joined:
    May 18, 2004
    Posts:
    82
    Location:
    London
    Hi, Pilli.

    I've got the full version of Spysweeper, & Ad-Aware free version, both fully updated, so I'll probably re-run those in Safe Mode, & then try deleting Updater.UI. It was useful for you to mention "Safe Mode," as I always advise my friends to run AVs in Safe Mode, when they think they've something nasty, & routinely forget to take my own advice...:)

    Thanks very much.
     
Thread Status:
Not open for further replies.