Solved Not infected(?), but might as well be...

  • Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
    We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.

    Why not Click Here To Sign Up and start enjoying great FREE Tech Support.

    This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  • Hello everyone We want to personally apologize to everyone for the downtime that we've experienced. We are working to get everything back up as quickly as possible. Due to the issues we've had, your password will need to be reset. Please click the button that says "Forgot Your Password" and change it. We are working to have things back to normal. Emails are fixed and should now send properly. Thank you all for your patience. Thanks, PCHF Management
Status
Not open for further replies.
M

MzSpeed

PCHF Member
Feb 20, 2018
2
0
40
Hey guys, how is everyone today?

Aside of waking my PC to discover McAfee Security Scan Plus popped up on my screen with a shiny new icon on my desktop, Tuesday has so far been good!
My understanding is that McAfee can be included when downloading/updating a program like Adobe. It was installed a couple of weeks ago with no issues, and hasn't any updates since. It didn't mention anything about McAfee (no surprise), but even if I did miss it, I find it strange that it would install itself at such a later date.
"readerdc_en_ka_cra_install.exe removed" is displayed in my downloads bar.

I'd go through the normal uninstall process, but it sounds like removing this has been quite difficult for a lot of experienced users, so any suggestions/advice on how to go about this would be greatly appreciated.
 
Hi there @MzSpeed and welcome to PCHF :)

Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

Once downloaded right click the FRST desktop icon and select "Run as administrator" from the menu.

icon2-jpg.794


If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
Frst will open with two dialogue boxes, accept the disclaimer.

frst-disclaimer-jpg.795

Accept the default whitelist options,
If the additions.txt options box is not checked please select it.
Then select "Scan"

frst-jpg.796


Frst will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt, and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.

2016-08-12_152002-jpg.797


Please Copy and Paste the contents of these logs in your next post for review by our Security Team

We will need a log from AdwCleaner for further information.

Please download a copy of AdwCleaner from HERE, it is important to download it to your desktop.

Once downloaded to the desktop AdwCleaner will create an icon
eEGkHPS.jpg

Should you receive any security warnings or your User Account Control warning appears whilst you are using this application you can safely allow AdwCleaner to continue.

Before running AdwCleaner please ensure all other programs and browsers are closed, then double left click the icon to open it.

AdwCleaner will open, click the scan button to start searching.

hBYSf6z.jpg


The scan may take some time to complete, and when it has any malware found will be automatically selected for quarantining. Click the "Clean" button.

ftC2WaB.jpg


After a few seconds a message should tell you your computer will now reboot. Allow the reboot.

When the computer restarts a log file will be displayed, but if its closed for any reason before copying the contents, you will find a copy of the file if you navigate to C:\AdwCleaner[C#].txt (The C denotes the Clean log)

jr9Bx9h.jpg


Please Copy and Paste the contents of the log file with your next reply.
 
Hey Guys, good morning!

Thank you so much for the thorough response, @jmarket! I love step-by-step instructions and know how much can go into making a cohesive tutorial, so I truly appreciate it! Hopefully I won't have to go through all that when I tell you guys that I solved the mystery.

Apparently the night before while I was sound asleep, my S/O was having issues editing & saving a PDF. It prompted him to download the latest version of Acrobat. He clicked on the link. There were 3 options, he selected Reader and continued to download. It notified him that Reader was already installed, then proceeded to download the other 2 options - one was McAffee, and the third he can't remember. Needless to say, I feel like a big ol dummy for thinking that it magically appeared overnight, as well as a little jerk for making a new rule regarding the desktop haha Such is life.

Thank you for sharing that link, @plodr! I found Photoshop, Acrobat Reader, Creative Cloud, Creative Cloud_bkp94A4DEE, and Adobe Sync in two different program files on the local disk. I'm not sure that I've ever noticed that before, is that normal? Program Files & Program Files (x86)
 
Sorry, I don't know. The only Adobe item I have on all the computers is flash and once Adobe stops that in 2020, I'll remove it.

If you have a 64 bit OS, perhaps Adobe adds the 32 bit version and the 64 bit version so that's why it appears in 2 locations.

You might want to install Unchecky
http://www.majorgeeks.com/files/details/unchecky_beta.html
this will make sure that an install Unchecks all those boxes with addon things you don't want!
 
Be a little careful thinking Unchecky will protect you from installing all unwanted applications. Some authors are know requiring a box/boxes to be ticked to prevent installation of unwanted crap in an attempt to bypass Unchecky.

@MzSpeed do you consider this issue solved?
 
Status
Not open for further replies.
Top Bottom