VIRUS Alert from Mcafee
Join Date: Jun 2009
Posts: 3
Solved Threads: 0
Can you please guide me to remove a malware...
I got an alert from McAfee that is "W32/Conficker.worm.gen.a". I had updated McAfee, then the problem was solved. But now I got a message from McAfee that is "Detected As:BO:Writable BO:Stack...State:Blocked by Buffer Overflow Protection". I scanned my PC in Safe Mode but can't fix it. Please help me, anybody.
Last edited by crunchie; Jun 23rd, 2009 at 6:29 am.
Join Date: Jun 2009
Posts: 3
Solved Threads: 0
You most likely have some malware causing this issue, but I cannot tell what it is from your post. Why not run a HijackThis log and post it as a next step?
Thanks for your reply. I had to temporarily disable System Restore on the system during the time the threat was cleaned. I have updated all security updates from Microsoft up to June 2009 and also used the Malicious Removal Tool, but the same problem occurred. The first time, when I scanned with McAfee ENT 8.5 DAT 5654, some files were cleaned and also deleted; there was no problem. But now I am getting this alert. We have 25 PCs in my network, and all PCs have the same problem. What should I do? Is the only way to format and then reinstall the OS on all the PCs? Please help me to rectify this problem.
Thanks,
Join Date: May 2005
Posts: 3,204
Solved Threads: 188
The entries in your first log beginning with this time stamp give me a problem... 6/18/2009 3:05:17 PM -ok, give YOU a problem. We cannot be seen to be helping folks who circumvent legitimate software restrictions. You must delete these patches before we can offer advice.
I don't think they were the source of your infection, but again, I don't see why patches should contain trojans if license circumvention is all they were about.
Nice to have a hijackthis log, though.
==download hijackthis: http://www.majorgeeks.com/download5554.html
-copy it to a new FOLDER placed either alongside your program files or on your desktop and then... rename hijackthis.exe to imabunny.exe
-in that folder start HijackThis by double-clicking the .exe
-CLOSE ALL OTHER APPLICATIONS and any open windows including the explorer window containing HijackThis.
-click the Scan and Save a Logfile button. Post the log here.
Being now up to date with all patches is fine, but won't deal with an infection already in there. You might also try a rootkit scan... eg. GMER.
Deep, deep in the woods, but walking about.
Join Date: Jun 2009
Posts: 3
Solved Threads: 0
Please see this
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:23 AM, on 6/19/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\PCI Audio Applications\Mixer.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\Colasoft Capsa 6.0 EE Demo\Capsa.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio Applications\Mixer.exe /startup
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{A085FE90-9F85-40B6-A747-0B697C896446}: NameServer = 203.145.184.47,203.145.184.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5A7CF32-E297-4547-9B4D-5181001BD4C8}: NameServer = 203.145.184.32,203.145.184.42
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\WinVNC.exe
--
End of file - 3560 bytes
Last edited by aamdevan; Jun 24th, 2009 at 2:47 am.
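A triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original thread: it groups entries by section code, lists the O4 autoruns and O17 resolvers, and marks items for manual review. The sample is a subset of the posted lines; `triage`, its "no full path" check and the `expected_dns` allowlist are assumptions of this example, and a flagged item is a prompt to look, not a detection.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of lines from the log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O17 - HKLM\System\CCS\Services\Tcpip\..\{A085FE90-9F85-40B6-A747-0B697C896446}: NameServer = 203.145.184.47,203.145.184.13
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")      # e.g. "O4 - ..."
RUN = re.compile(r"^(\S+): \[(.*?)\] (.*)$")        # key: [name] command
FULL_PATH = re.compile(r'^"?[A-Za-z]:\\')           # optional quote + drive

def parse_log(text):
    """Return (running process paths, {section code: [entry text, ...]})."""
    processes, entries, in_processes = [], defaultdict(list), False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_processes = False
            entries[m.group(1)].append(m.group(2))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes and line:
            processes.append(line)
    return processes, dict(entries)

def autoruns(entries):
    """(registry key, value name, command) for each O4 Run/RunOnce entry."""
    return [m.groups() for m in map(RUN.match, entries.get("O4", [])) if m]

def nameservers(entries):
    """Sorted DNS resolver addresses listed in O17 NameServer entries."""
    ips = set()
    for item in entries.get("O17", []):
        _, sep, value = item.partition("NameServer = ")
        ips.update(ip.strip() for ip in value.split(",") if sep and ip.strip())
    return sorted(ips)

def triage(entries, expected_dns):
    """Items for manual review; expected_dns is an analyst-supplied set."""
    notes = [f"O4 {name}: no full path ({cmd})"
             for _, name, cmd in autoruns(entries) if not FULL_PATH.match(cmd)]
    notes += [f"O17 resolver not in expected set: {ip}"
              for ip in nameservers(entries) if ip not in expected_dns]
    return notes
```

Running the same pass over logs from each of the 25 PCs and diffing the results shows quickly whether an autorun or resolver appears on some machines and not others.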
Join Date: May 2005
Posts: 3,204
Solved Threads: 188
You are in Chennai, I take it, aamdevan? Could you post the SAS and MBAM logs, please? They would be interesting for us. Your HJT log is clean, although I note that you could update IE to IE6 with W2000 SP4, for security purposes.
Perhaps try this scan....
==Please use IE or Firefox to do an online scan at panda:- http://www.pandasecurity.com/activescan/index/
-First Register [otherwise there will be no disinfection, merely detection] with a valid email address for the free online virus scan and follow through.
Unlike Kaspersky this scan does not require Java. Panda will clean only virii, but it is superb at listing other malwares which can then be targeted.
Please ATTACH to your post the log it produces.
Last edited by gerbil; Jun 24th, 2009 at 7:53 am.






