954,249 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Have something to say? Contribute New Article Reply to this Article
2 Years Ago
0

VIRUS Alert from Mcafee

Can u pl guide me for remove a malware ...

i got a alert from Mcafee that is "W32/Conflicker.warm.gen.a"..i had updated Mcafee..then the problem was solved..But now i got a message from Mcafee that is "



Detected As:BO:Writable BO:Stack...State:Blocked by Buffer Overflow Protection


"..i scaned my PC with Safe mode.but can't fix it. Pl help me anybody.

aamdevan
Newbie Poster
3 posts since Jun 2009
Reputation Points: 10
Solved Threads: 0
 
2 Years Ago
0

you most likely have some malware causing this issue.. but I cannot ell what it is from your post. Why not run a hijackthis log and post it as a next step?

gerbil
Industrious Poster
4,206 posts since May 2005
Reputation Points: 239
Solved Threads: 300
 
2 Years Ago
0
you most likely have some malware causing this issue.. but I cannot ell what it is from your post. Why not run a hijackthis log and post it as a next step?


Here is my log file from Mcafee
Thanks for ur reply.I had to temporarily disable System Restore on the system when during the time of Threat cleaned. i have updated all security updates from microsoft upto June 2009.and also use Malcious Removable tool.but same problem is occurred.first time when i scanned with Mcafee ENT 8.5 Dat 5654,some file cleaned and also deleted..here is no problem..but now i am getting this alert..we have 25 Pc in my network...all pc have same problem..what should i do.?only way to format then reinstall the OS on the all pcs?Please help me to rectify this problem...
Thanks,

Attachments OnAccessScanLog.txt (17.77KB) BufferOverflowProtectionLog.txt (8.04KB)
aamdevan
Newbie Poster
3 posts since Jun 2009
Reputation Points: 10
Solved Threads: 0
 
2 Years Ago
0

That isn't what gerbil requested. HiJackThis was requested.

jholland1964
Posting Expert
Moderator
5,785 posts since Jul 2008
Reputation Points: 725
Solved Threads: 340
 
2 Years Ago
0

The entries in your first log beginning with this time stamp give me a problem... 6/18/2009 3:05:17 PM -ok, give YOU a problem. We cannot be seen to be helping folks who circumvent legitimate software restrictions. You must delete these patches before we can offer advice.

I don't think they were the source of your infection, but again, I don't see why patches should contain trojans if license circumvention is all they were about.
Nice to have a hijackthis log, though.
==download hijackthis: http://www.majorgeeks.com/download5554.html
-copy it to a new FOLDER placed either alongside your program files or on your desktop and then... rename hijackthis.exe to imabunny.exe
-in that folder start HijackThis by dclicking the .exe
-CLOSE ALL OTHER APPLICATIONS and any open windows including the explorer window containing HijackThis.
-click the Scan and Save a Logfile button. Post the log here.
Being now up to date with all patches is fine, but won't deal with an infection already in there. You might also try a rootkit scan... eg. GMER.

gerbil
Industrious Poster
4,206 posts since May 2005
Reputation Points: 239
Solved Threads: 300
 
2 Years Ago
0

Plz see this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:23 AM, on 6/19/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\PCI Audio Applications\Mixer.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\Colasoft Capsa 6.0 EE Demo\Capsa.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio Applications\Mixer.exe /startup
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{A085FE90-9F85-40B6-A747-0B697C896446}: NameServer = 203.145.184.47,203.145.184.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5A7CF32-E297-4547-9B4D-5181001BD4C8}: NameServer = 203.145.184.32,203.145.184.42
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\WinVNC.exe

--
End of file - 3560 bytes

aamdevan
Newbie Poster
3 posts since Jun 2009
Reputation Points: 10
Solved Threads: 0
 
2 Years Ago
0

You are in Chennai, I take it, aamdevan? Could you post the SAS and MBAM logs, please? They would be interesting for us. Your HJT log is clean,although I note that you could update IE to IE6 with W2000, SP4. for security purposes.
Perhaps try this scan....
==Please use IE or Firefox to do an online scan at panda:- http://www.pandasecurity.com/activescan/index/
-First Register [otherwise there will be no disinfection, merely detection] with a valid email address for the free online virus scan and follow through.
Unlike Kaspersky this scan does not require Java. Panda will clean only virii, but it is superb at listing other malwares which can then be targeted.
Please ATTACH to your post the log it produces.

gerbil
Industrious Poster
4,206 posts since May 2005
Reputation Points: 239
Solved Threads: 300
 

This article has been dead for over three months

Post: Markdown Syntax: Formatting Help
You
 
© 2012 DaniWeb® LLC
Home | About Us | Contact Us | Terms of Service | Advertising Opportunities
RSS Feed RSS Feed