Update: I just read Mark Russinovich’s blog post entitled Hunting Down and Killing Ransomware. Hmm… I didn’t know that malware was now so aggressive, or that it was fairly prevalent, or that it could possibly use (for example) an IE vulnerability to install. (I have only ever seen installations where the user was stupid enough to be tricked into actively infecting their own system.)
With the above knowledge, I have decided to add this disclaimer: This post is intended for advanced users/developers only. (Typically, they would have figured out this stuff for themselves, so they don’t really need it, but never mind.) McAfee is a reputable company, and it’s software is comprised of tools that are genuine. I just find them annoying and I don’t need them. My own system was infected with malware once, around 9 years ago (I think). I am also intimately familiar with the Autoruns tool written about in the post mentioned above. If you are not like me, that is not a programmer, or not experienced and confidant that your system will not become infected, or that you would easily be able to remove any infections yourself (without breaking a sweat and while holding your breath) , then don’t follow the advice in this post. If your system regularly becomes infected with malware, or if you have read these two paragraphs several times and are still struggling to grasp an understanding of it’s meaning, then I suggest a running jump out of your balcony door, over your railings, and to the sweet relief your demise will bring to everybody who knows you.
A couple of weeks ago, some new software, McAfee SiteAdvisor version 3.5, appeared on my work machine. It was apparently deployed with some sort of corporate policy. It runs inside my browser, and does I know not what, apart from hanging the browser and tripping over it’s virtual shoelaces occasionally.
I Googled to find out how to uninstall this unwanted software, but all I found was some rather useless instructions on how to remove it from the Control Panel. Marvelous, except that requires stopping the service, and of course I do not have permission to stop the service.
Of course there’s a whole bunch of useless software being sold online that promises to uninstall anything and everything forever and again and forevermore, but fortunately I am smart enough to know that none of it will actually achieve anything at all when it will also be unable to stop or remove the service, to which it also has zero permission, so I will not waste any time on that.
Some people might say they choose to remove the software because it is intrusive, or something to that effect. As for me, I don’t like it because it is ugly. I mean, look at this shit. It must be using some sort of hook/hack, and it isn’t even in the right place on the window.
At this point, McCrappy might expect me to give up. “Oh dear me, I don’t have permissions to their shitty service! Oh woe is me!”
However, thinking just a little way outside of the box is enough to recall that this must be running as a plugin in my browser. I browse with Firefox, and it apparently runs each plugin in a separate instance of it’s plugin container process. (I have no idea if that statement is generally true, but no matter… it applies to this process.) This process can safely be terminated and won’t disturb the browser itself, or any of it’s other plugins.
I use Process Explorer out of habit, but I imagine you can do something similar with Task Manager.
Just select the process, and hit the Delete key. Goodbye ShiteAdvisor. It was not nice knowing you. Ashes to ashes. Dust to dust. May you rest in pieces.