Forum Thread: McAfee

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.


This thread has been marked as locked.
Nikilet McAfee
Member 12th Nov, 2009 05:31
Ranking: 7
Posts: 334
User Since: 15th Jul, 2008
System Score: N/A
Location: N/A
I don't have any McAfee products on my system, but when I look under PSI's Patched tab it shows McAfee Virtual Technician Active X Control in the following path:
C:\Windows\Downloaded Program Files\MVT.dll

A while back Windows Problem Reports stated some problem was caused by McAfee and I should update it. I didn't have any McAfee products at that time so I just ignored it. Could it be this item and should I remove it?

Maurice Joyce RE: McAfee
Handling Contributor 12th Nov, 2009 09:19
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Dump it.

The traditional method to remove ActiveX is:

* * * Windows XP
++++++++++++++++


launch command prompt from accessories in the programs list
type: cd c:\windows\downloaded program files
press enter
type: dir
press enter
find the correct file in the list
type: del <name of correct file without these braces>
press enter
type: exit
press enter

* * * Vista
+++++++++++

Open Start/Search
type "Command Prompt" into the search window
A Command Prompt icon will display
Right click on it
select "Run as administrator"
type: cd c:\windows\downloaded program files
press enter
type: dir
press enter
find the correct file in the list (mine was named as shown)
type: del <name of correct file without these braces>
press enter
type: exit
press enter





--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Nikilet RE: McAfee
Member 14th Nov, 2009 06:52
When I did this I found more items in that command box that look to me like they belong to McAfee. I googled each one and this is what I found:
McContentMgr.dll
McHealthCheck.dll
McLogMgr.dll
McPlugins.dll
McProdMgr.dll

I think from my googling that all these are associated with McAfee Virtual Technician. I know on that last one it said this will run every time you start your computer. Is it safe for me to remove these using that same process you gave me above?
Maurice Joyce RE: McAfee
Handling Contributor 14th Nov, 2009 16:33
From this & other posts it is clear U have some dross in the registry.

If I send U EXACT instructions are U confident enough to enter the registry & remove items?

Despite much gloom I read on other posts there is no real danger except for tourists!





Nikilet RE: McAfee
Member 14th Nov, 2009 19:21
Yes, I feel I can follow directions to make changes in the registry.
Maurice Joyce RE: McAfee
Handling Contributor 14th Nov, 2009 19:24
OK - I have also answered another of your posts.

I have to make a housecall shortly so will post it for you overnight.

As a point of interest do U have CCleaner installed?

Nikilet RE: McAfee
Member 14th Nov, 2009 19:48
I used to but took it off because I have paid version of Registry Mechanic which I use pretty regularly to clean registry. Someone wrote somewhere that CCleaner is good to take junk off your computer but to be very careful about using it to clean the registry. But I am willing to install it again if you tell me that it is safe to use.
Maurice Joyce RE: McAfee
Handling Contributor 15th Nov, 2009 03:01
CLEARING UP LEFTOVERS FROM AN UNINSTALL USING THE REGISTRY
==========================================================
Sorry, this post is a bit long but I do not know your skill level so have included all basic details.

A bit of information that U can refer to once in the registry to help with navigation & exposed details.

1. The Registry has exactly the same layout as Windows Explorer but only has one "CABINET" called My Computer - it is in the LEFT pane at the top.

2. The My Computer "Cabinet" has 5 "DRAWERS" starting with HKEY_CLASSES_ROOT & ending with HKEY_CURRENT_CONFIG

For this exercise U should only open & delete, if necessary, from the following "drawers"
a. HKEY_CURRENT_USER
b. HKEY_LOCAL_MACHINE


3. Inside each "Drawer" are FOLDERS directly associated to the "Drawer".

4. Inside each Folder are the "SUB FOLDERS & FILES" with the "nitty gritty" details.

5. The RIGHT pane exposes details of the sub folders & files.


* U may wish to copy (CTRL+C) & paste (CTRL+V) the next bit to Notepad or Word.

* IF U ARE NOT FAMILIAR WITH THE REGISTRY U WILL BE PERFECTLY SAFE IF U JUST FOLLOW THE SCRIPT BELOW. CHANGING OTHER SETTINGS THAT U BELIEVE MAY HELP YOUR CAUSE COULD PROVE TROUBLESOME!

Go to Start>Run>In the box that appears type REGEDIT>click OK.

U are now in the registry and what has previously been explained should be seen. Look in the LEFT pane for the key HKEY_CURRENT_USER>expand the key by clicking on the + sign.

Look for SOFTWARE>expand that key by clicking on the + sign. Can U see McAfee in the long list of programmes exposed?

If U can, RIGHT click on the folder & select delete. When U click on any key it is normal that the "nitty gritty" elements of that folder are exposed in the right hand pane.

Now navigate to key HKEY_LOCAL_MACHINE> find & expand SOFTWARE & repeat the procedure U have just done.

It is worth spending a bit of time with these two keys as there could be other dross in there. JUST BE CAREFUL & ONLY REMOVE PROGRAMMES U ARE ABSOLUTELY SURE ARE NO LONGER USED ON YOUR PC. IF UNSURE ASK BEFORE DELETING.

For example, U mentioned U once had CCleaner installed. Is there an entry called PIRIFORM? If so by clicking the + sign against that name will clearly tell U it is CCleaner.

U may also find Norton - if U do not use any Norton (Symantec) products it is dross.

Just be sure U right click on the folders marked PIRIFORM & NORTON & select delete.

If U have removed extra dross have U cleared it from both HKEY areas exactly the same as searching for McAfee?

If happy, exit the registry by right clicking the red X (top right).

Now run your Registry Mechanic.

Reboot.

Run a full PSI scan.


01:43 15/11/2009




Nikilet RE: McAfee
Member 15th Nov, 2009 20:51
I have printed your instructions off but before I begin there is one question I have.

You told me how to remove the one item that Secunia showed for McAfee in its Patched tab, using the command prompt. Since doing that there are no longer any items in Secunia's Patched tab for McAfee.

It was in that black command box where these other Mc items showed up. Why could one not remove those the same way I removed that first item?
Maurice Joyce RE: McAfee
Handling Contributor 15th Nov, 2009 21:07
U can & I would advise U to do that.

If that clears up the security issue (it will) then U have cleared the immediate problem.

U then have the options to go to the registry & have a look as described to seek & eliminate more dross & prevent possible future issues.

On the other hand U can just keep my script & use it as & when - it is perfectly safe.

Up to U - I think we are agreed that the main issue is to get the PC Secunia 100% secure.

Nikilet RE: McAfee
Member 15th Nov, 2009 21:52
I did go ahead with the registry instructions. In addition to the McAfee I removed 5 additional keys for programs I was sure I no longer had.

From HKEY_CURRENT_USER I removed 5 keys in addition to McAfee.

They were ESET because I know that's from an online scan I did; Fugazo, a game key; Innovative Solutions (Advanced Installer Pro) which I uninstalled a long time ago; RocketDock and Uniblue.

When I went to HKEY_LOCAL_MACHINE I assumed I would find all those same keys there under Software but I didn't. I found only 2 of the 6 keys which were Eset and Innovative Solutions. Does that sound right?

For programs or games I have installed I use Revo Uninstaller when I get rid of them. When it comes to any Windows components, Adobe, Java I use the Windows Remove Programs. I know these keys I removed are from programs I no longer have but I'm still about half scared to restart.

I guess if I restart and it goes ok I'll report back and if you don't hear from me you know something went wrong.
Nikilet RE: McAfee
Member 15th Nov, 2009 22:06
Last edited on 15th Nov, 2009 22:13
Restart went ok, but still wondering if it was right that I didn't find all the keys in both places so would appreciate your comment on that.

Just for the heck of it I decided to run that code you gave me in the command box again and every single one of those Mc items I listed earlier is still there. I'm 99% sure they are all related to that McAfee Virtual Technician, so I give up. Not going to worry about it anymore at this point.

I've been kind of a pest so hope I don't have to bother you for anything for a while!
Maurice Joyce RE: McAfee
Handling Contributor 15th Nov, 2009 22:57
Well done U I say. Scared to reboot? That is the fun of IT - U followed the scripts - works every time.

There should be no fear of the registry removing useless software & some of the hype I see is nothing short of scare mongering as U have proved.

What U describe can happen. It just proves the haphazard way vendors (particularly freebies) go about their business of uninstalling their products.

To some extent it also proves Revo is not the greatest tool at removal if used to uninstall the 5 elements U found.

I hope U keep my little script. It is the only way to find software dross. All it requires is confidence to get in the registry.

U are not being a pest. If U want details of a magic tool that WILL move those useless McAfee items let me know & I will gladly give U the instructions.

Just to confirm. PSI is now showing U 100% & U have no vulnerabilities hidden with an ignore rule?



Nikilet RE: McAfee
Member 15th Nov, 2009 23:14
Last edited on 15th Nov, 2009 23:27
Yes, I'd like details of how to remove this McAfee stuff, however, am I right that it is McAfee stuff? And is it possible for this stuff to be there even tho registry key has been removed?

As to PSI, no it isn't 100% because I still have that one Shockwave 10x item that was discussed in another post. I'll have to find that post because can't remember exactly what Adobe told me. I had two items for this Shockwave 10x and now I only have one. Let me check out previous post and then I'll get back to you on that.
Nikilet RE: McAfee
Member 15th Nov, 2009 23:31
These are the 2 items psi showed as insecure
C:\Windows\System32\Macromed\Shockwave 10\SwOnce.dll
C:\Windows\System32\Macromed\Shockwave 10\SwInit.exe

This is what Adobe said about them:
There is no threat from 10.4.1.26 and it is indeed a backward compatibility player for pre-Unicode content. Tell whatever to ignore it - it's still in active development and 10.4.1.27 is on the verge of release

One of the items has disappeared from psi insecure, the SwInit.exe
The other, SwOnce.dll still remains so my psi doesn't show 100% secure. Since Adobe said not to worry about it I haven't created an ignore rule as I was to be kept aware. Your thots on this are appreciated.
Maurice Joyce RE: McAfee
Handling Contributor 15th Nov, 2009 23:44
Last edited on 15th Nov, 2009 23:59
Looks like U have got it 100% in order.

I can confirm the stubborn files U have found are indeed McAfee. The details & keys are here:

ActiveX :{8701CF0B-02DB-4E45-9F19-742443552812}=c:\windows\downloaded program files\mccontentmgr.dll=[DLL and OCX = McContentMgr.dll]

ActiveX :{053F388B-1884-48EF-A46F-0377380612A5}=c:\windows\downloaded program files\mchealthcheck.dll=[DLL and OCX = McHealthCheck.dll]

ActiveX :{2F51F70F-3293-4CFC-A7E6-9827448CE550}=c:\windows\downloaded program files\mclogmgr.dll=[DLL and OCX = McLogMgr.dll]

ActiveX :{3E425DA9-C276-48BB-96B3-BB6A35DB0AF7}=c:\windows\downloaded program files\mcplugins.dll=[DLL and OCX = McPlugins.dll]

ActiveX :{51F630AF-4687-498F-94AD-A1DBADE71FDA}=c:\windows\downloaded program files\mcprodmgr.dll=[DLL and OCX = McProdMgr.dll]

ActiveX :{281C41D0-1E0D-4DCD-A4DE-74BB3DFBC46E}=c:\windows\downloaded program files\mvt.dll=[DLL and OCX = MVT.dll]

U should really remove them using the same method as the original troublesome McAfee file. My investigation revealed they can be troublesome if the actual programme is not in use.

Edit: Reboot before U recheck all the items are history.

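A read-only check of the situation discussed in the posts above (control files left in Downloaded Program Files, with or without their registry entries), added here as an example and not part of the original thread. It uses the CLSIDs and file names from the listing above; the registry locations it checks are the standard Windows COM and Internet Explorer code-store paths, which the thread itself does not name.

```powershell
# Added example: audits only, deletes nothing.
# CLSID -> file name pairs are the ones listed in the post above.
$controls = [ordered]@{
    '{8701CF0B-02DB-4E45-9F19-742443552812}' = 'McContentMgr.dll'
    '{053F388B-1884-48EF-A46F-0377380612A5}' = 'McHealthCheck.dll'
    '{2F51F70F-3293-4CFC-A7E6-9827448CE550}' = 'McLogMgr.dll'
    '{3E425DA9-C276-48BB-96B3-BB6A35DB0AF7}' = 'McPlugins.dll'
    '{51F630AF-4687-498F-94AD-A1DBADE71FDA}' = 'McProdMgr.dll'
    '{281C41D0-1E0D-4DCD-A4DE-74BB3DFBC46E}' = 'MVT.dll'
}

$dpf = Join-Path $env:windir 'Downloaded Program Files'

# Assumption: standard locations where an installed ActiveX control is recorded.
# The WOW6432Node paths exist only on 64-bit Windows.
$roots = @(
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID',
    'HKLM:\SOFTWARE\Microsoft\Code Store Database\Distribution Units',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Code Store Database\Distribution Units'
)

$report = foreach ($clsid in $controls.Keys) {
    $file      = Join-Path $dpf $controls[$clsid]
    $fileThere = Test-Path -LiteralPath $file
    # Collect every registry key that still references this CLSID.
    $keys = @($roots | ForEach-Object { Join-Path $_ $clsid } |
              Where-Object { Test-Path -LiteralPath $_ })

    if ($fileThere -and $keys.Count -gt 0) { $state = 'file and registration present' }
    elseif ($fileThere)                    { $state = 'file only (registration gone)' }
    elseif ($keys.Count -gt 0)             { $state = 'registry only (file gone)' }
    else                                   { $state = 'clean' }

    [pscustomobject]@{
        File        = $controls[$clsid]
        FilePresent = $fileThere
        KeysPresent = $keys.Count
        State       = $state
        Keys        = $keys -join '; '
    }
}

$report | Format-Table File, FilePresent, KeysPresent, State -AutoSize
```

A row reading "file only" matches what Nikilet saw after deleting the vendor keys: the DLLs stay on disk until they are removed from the folder itself.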
Nikilet RE: McAfee
Member 16th Nov, 2009 00:54
Success! I removed them, rebooted and then opened cmd to check and they are all gone. It has been so wonderful to get real, honest help -- and help given with patience rather than an attitude of making one feel even dumber than ever.

McAfee came preinstalled on my computer and I removed it. I even used McAfee's removal tool and it apparently didn't remove these things.

You don't by chance help out on any other forums do you?
Maurice Joyce RE: McAfee
Handling Contributor 16th Nov, 2009 10:59
Nice to see someone else is safe & sound.


As I said the only real way to clear your PC is to be confident with the registry from the script U now have. Add/remove, removal tools & programmes like Revo are not a complete answer despite the hype.

I am not active on any other Forum. I only try to help on this Forum because I believe Secunia have produced the best security tool available for all levels of IT expertise.

Some just need a little help after running a scan.

U might like to look at this thread & my post to Fred.

http://secunia.com/community/forum/thread/show/305...

If interested just let me know.

Nikilet RE: McAfee
Member 16th Nov, 2009 21:07
I assume by that thread you posted for me you meant do I want a print out of all your fixes? Is that it? If so, I suppose that wouldn't be a bad idea although I might still have to come here for help with using them.

As to creating an ignore rule for Drive D, I have already done that. I think you suggested that to me in an earlier post.