Security risk when going on line to reinstall antivirus prog.

[jj mac]

McAfee antivirus has blocked a program from sending emails from my computer
because of activity which might indicate a worm is on my computer.
To remedy this problem McAfee have asked me to uninstall and then reinstall
McAfee from my on line account and not from the installation CD. I pointed
out to McAfee that I was concerned that if there is a worm on my computer it
could run riot after I uninstall the the McAfee Security center and then go
online unprotected in order to carry out the reinstallation.
The reply I got From McAfee was:
"I would suggest you to please uninstall McAfee with the help of removal
tool and reinstall from your online account and not from the CD."
That reply has not allayed my concern.
I have scanned my computer with McAfee AntiVirus which (although the block
in Windows Mail is still in place) is currently reporting only 6
Potentionally unwanted Programs and adds that no action is required.
Also Spybot gives a clean bill of health.
AD-Aware reports a couple of MRU objects which I have quarantined on a
number of occasions but they keep returning.
The only program that has caused me a little concern is a-Squared Free which
reports:

Trace.directory.ebay 1 traces - med. risk
(trace C:\program files\ebay\ebay toolbar 2)

and Trace.file.ebay 2 traces--med risk
(Trace:C:\program files\ebay\ebay toolbar 2\ebaytb.dll)

McAfee has asked me to remove all the third party programs from my computer.
My McAfee account is paid up to May 2010.

Is it safe for me to proceed with the instructions I have been given by
McAfee?

Thank you

 

[S. Pidgorny]

Uninstallation and reinstallation of security software is not the right way
to remedy the problem of the software blocking other programs' actions.
Based on that rationale, I consider instructions given to you by McAfee
wrong and dangerous.

You may wish to ask at McAfee forums - http://forums.mcafeehelp.com/

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

"jj mac" <jj mac@discussions.microsoft.com> wrote in message
news:97CC278F-ADE2-4AE8-8D82-B739A989EDF5@microsoft.com...
> McAfee antivirus has blocked a program from sending emails from my
> computer
> because of activity which might indicate a worm is on my computer.
> To remedy this problem McAfee have asked me to uninstall and then
> reinstall
> McAfee from my on line account and not from the installation CD. I pointed
> out to McAfee that I was concerned that if there is a worm on my computer
> it
> could run riot after I uninstall the the McAfee Security center and then
> go
> online unprotected in order to carry out the reinstallation.
> The reply I got From McAfee was:
> "I would suggest you to please uninstall McAfee with the help of removal
> tool and reinstall from your online account and not from the CD."
> That reply has not allayed my concern.
> I have scanned my computer with McAfee AntiVirus which (although the block
> in Windows Mail is still in place) is currently reporting only 6
> Potentionally unwanted Programs and adds that no action is required.
> Also Spybot gives a clean bill of health.
> AD-Aware reports a couple of MRU objects which I have quarantined on a
> number of occasions but they keep returning.
> The only program that has caused me a little concern is a-Squared Free
> which
> reports:
>
> Trace.directory.ebay 1 traces - med. risk
> (trace C:\program files\ebay\ebay toolbar 2)
>
> and Trace.file.ebay 2 traces--med risk
> (Trace:C:\program files\ebay\ebay toolbar 2\ebaytb.dll)
>
> McAfee has asked me to remove all the third party programs from my
> computer.
> My McAfee account is paid up to May 2010.
>
> Is it safe for me to proceed with the instructions I have been given by
> McAfee?
>
> Thank you
>

 

[Bogwitch]

S. Pidgorny <MVP> wrote:
> Uninstallation and reinstallation of security software is not the right way
> to remedy the problem of the software blocking other programs' actions.
> Based on that rationale, I consider instructions given to you by McAfee
> wrong and dangerous.
>
> You may wish to ask at McAfee forums - http://forums.mcafeehelp.com/

If the OP follows the advice from McAfee, after printing the email, and
the OPs worst fears are realised, could McAfee be held liable for any
subsequent work required to rectify any problems encountered?
Following good forensic practice, it might be advisable to take a
forensic snapshot of the system drive beforehand if a suitable backup
device is available.

Maybe the OP should ask McAfee if they are willing to accept
responsibility before proceeding with such dismal advice.

Bogwitch.

 

[S. Pidgorny]

G'day:

"Bogwitch" <Bogwitch@reply.to.group.fake> wrote in message
news:msTxi.19574$mo.15209@newsfe4-win.ntli.net...

> If the OP follows the advice from McAfee, after printing the email, and
> the OPs worst fears are realised, could McAfee be held liable for any
> subsequent work required to rectify any problems encountered?

I might be wrong here but the oftware license agreement limits McAfee's
liability.

> Following good forensic practice, it might be advisable to take a forensic
> snapshot of the system drive beforehand if a suitable backup device is
> available.
>
> Maybe the OP should ask McAfee if they are willing to accept
> responsibility before proceeding with such dismal advice.

I don't expect a guy in the call centre to respond meaningfully to such a
request.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

 

[Anteaus]

If you think your computer is infected, then the first thing is to isolate it
from the Internet. You are correct that going online would not be wise.

Next is to determine whether the threat is real, or a false positive. To
confirm this it is best to do tests with more than one virus-scanner. I tend
to use commandline scanners which can be loaded form CD, as that avoids going
online or installing software into the OS. To do this you of course need
another computer to make-up the scanning CD.

Having identified the threat, if it's a real one then you need to check
online literature (another computer needed again!) to see if removal is a
sensible option, or if a security disk-wipe would be a better option. All
depends on the type of virus and what damage it does.

Many of the antivirus vendors provide tools to remove specific malware, and
these often do a better job than a general-purpose scanner. The simplest
approach might be to try one of these.