Help.. Tamper Protection shows SymantecAV blocked by "rundll32.exe"

Reply

Join Date: Aug 2005
Posts: 5
Reputation: charm is an unknown quantity at this point 
Solved Threads: 0
charm charm is offline Offline
Newbie Poster

Help.. Tamper Protection shows SymantecAV blocked by "rundll32.exe"

 
0
  #1
Sep 14th, 2005
Here is a sample of warning messages that the Symantec AV tamper protection pops up... Also, below that I have something interesting that shows up when I do a full system scan.. it starts scanning with \\.\c:\WINTNT ... wtf? I don't think that is what it normally starts with which has me worried.

Target: C:\Program Files\Symantec AntiVirus\DoScan.exe
Event Info: Open Process
Action Taken: Blocked
Actor Process: C:\WINNT\system32\rundll32.exe (PID 1720)
Time: Wednesday, September 14, 2005
11:19:20 AM

SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Event Info: Open Process
Action Taken: Blocked
Actor Process: C:\WINNT\system32\rundll32.exe (PID 1720)
Time: Wednesday, September 14, 2005 11:19:22 AM



SYMANTEC TAMPER PROTECTION ALERT

Target: C:\PROGRA~1\SYMANT~1\VPTray.exe
Event Info: Open Process
Action Taken: Blocked
Actor Process: C:\WINNT\system32\rundll32.exe (PID 1720)
Time: Wednesday, September 14, 2005 11:19:22 AM

===

rundll32.exe is also a process which is registered as the W32.Miroot.Worm

====


Symantec Starts full scan with:

\\.\C:\WINNT\Temp
Reply With Quote Quick reply to this message  
Join Date: Jul 2005
Posts: 642
Reputation: swatkat is an unknown quantity at this point 
Solved Threads: 50
swatkat's Avatar
swatkat swatkat is offline Offline
Small Town Boy

Re: Help.. Tamper Protection shows SymantecAV blocked by "rundll32.exe"

 
0
  #2
Sep 14th, 2005
Hi,
I would suggest you to run Online virus scan at Panda ActiveScan (with "Disinfection" option enabled) and Trend Micro HouseCall (with "Auto Clean" option enabled).

Also, download CCleaner and install it. Run it, click "Options" button and here go to "Advanced" tab and uncheck the option "Only delete files in Windows Temp folder older than 48 hours". Click OK to exit from the Options. Finally click "Run Cleaner" and click "OK" to continue cleaning.
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
-Albert Einstein.
Reply With Quote Quick reply to this message  
Reply

Quick Reply to Thread
This thread is more than three months old.
Perhaps start a new thread instead?
Message:



Similar Threads
Other Threads in the Viruses, Spyware and other Nasties Forum


Views: 5067 | Replies: 1
Thread Tools Search this Thread



Tag cloud for Viruses, Spyware and other Nasties
acrobat adobe adware anti-malware antivirus apple audio avg botnet botnets censorship combofix commercial commercials conficker crosssitescripting cyber cybercrime cyberwarfare ddos domains e-mafia education email exam exploit explorer facebook fancheckvirus firefox gaming gtaiv gumblar halloween herss.exe hosting internet iphone kaspersky legal logfiles mail malware mcafee mega-d messagelabs microsoft msn nazi news norton obama onlinethreats paedophile panel patch pc pdf phishing police policeprovirusmba-mblockedinternetaccess privacy pro problem redirecting reliability report research risk samhain sans scareware school search security sites software spam spyware sqlinjection symantec system teen translate trojan unabletoaccessanti-virussites unwanted update virus viruses vista volume vulnerability war warning web windows worm yahoo zeroday
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC