Can you please guide me to remove a malware ...

I got an alert from McAfee: "W32/Conflicker.warm.gen.a". I updated McAfee, and then the problem was solved. But now I get this message from McAfee:

"Detected As: BO:Writable BO:Stack ... State: Blocked by Buffer Overflow Protection"

I scanned my PC in Safe Mode, but can't fix it. Please help me, anybody.


You most likely have some malware causing this issue, but I cannot tell what it is from your post. Why not run a HijackThis log and post it as a next step?


You most likely have some malware causing this issue, but I cannot tell what it is from your post. Why not run a HijackThis log and post it as a next step?

Here is my log file from McAfee.
Thanks for your reply. I had to temporarily disable System Restore on the system while the threat was being cleaned. I have installed all security updates from Microsoft up to June 2009 and also used the Malicious Removable tool, but the same problem occurred. The first time, when I scanned with McAfee ENT 8.5 DAT 5654, some files were cleaned and also deleted; no problem there. But now I am getting this alert. We have 25 PCs in my network, and all the PCs have the same problem. What should I do? Is the only way to format and then reinstall the OS on all the PCs? Please help me to rectify this problem...
Thanks,

Attachments
6/15/2009	7:42:34 PM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/15/2009	7:44:51 PM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/15/2009	10:17:57 PM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/15/2009	10:34:38 PM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/16/2009	12:38:39 AM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/16/2009	1:16:31 AM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/16/2009	3:14:54 AM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/16/2009	5:46:35 AM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/16/2009	8:20:23 AM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/16/2009	9:42:54 AM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/16/2009	10:52:07 AM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/16/2009	12:34:25 PM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/16/2009	1:13:52 PM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/16/2009	3:19:12 PM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/16/2009	3:50:34 PM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/16/2009	6:10:22 PM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/16/2009	6:17:11 PM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/16/2009	8:48:02 PM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/16/2009	9:03:43 PM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/16/2009	11:15:49 PM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/17/2009	12:04:28 AM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/17/2009	1:39:32 AM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/17/2009	3:05:24 AM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/17/2009	4:11:19 AM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/17/2009	5:43:20 AM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/17/2009	6:50:00 AM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/17/2009	8:35:01 AM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/17/2009	9:15:55 AM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/17/2009	10:18:32 AM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/17/2009	11:12:43 AM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/17/2009	12:13:24 PM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/17/2009	2:51:25 PM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/17/2009	4:56:40 PM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/17/2009	5:28:29 PM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/17/2009	7:48:37 PM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/17/2009	7:57:08 PM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/17/2009	10:22:13 PM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/17/2009	10:24:49 PM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/18/2009	12:58:29 AM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/18/2009	1:14:08 AM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/18/2009	3:25:04 AM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/18/2009	4:14:50 AM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/18/2009	5:41:46 AM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/18/2009	6:52:39 AM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/18/2009	8:08:26 AM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/18/2009	9:43:15 AM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/18/2009	10:59:37 AM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/18/2009	3:23:39 PM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/18/2009	8:48:43 PM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/18/2009	11:32:10 PM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/19/2009	2:18:04 AM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/19/2009	5:20:01 AM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/19/2009	7:54:46 AM	Blocked by Buffer Overflow Protection 	NT AUTHORITY\SYSTEM	C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA	BO:Writable BO:Stack
6/15/2009	6:19:54 PM		Engine version                          =	5100.0194
6/15/2009	6:19:54 PM		AntiVirus   DAT version                 =	4893.0000
6/15/2009	6:19:54 PM		Number of detection signatures in EXTRA.DAT =	None
6/15/2009	6:19:54 PM		Names of detection signatures in EXTRA.DAT  =	None
6/15/2009	6:29:38 PM		Engine version                          =	5301.4018
6/15/2009	6:29:38 PM		AntiVirus   DAT version                 =	5651.0000
6/15/2009	6:29:38 PM		Number of detection signatures in EXTRA.DAT =	None
6/15/2009	6:29:38 PM		Names of detection signatures in EXTRA.DAT  =	None
6/15/2009	6:29:38 PM	Not scanned  (scan timed out) 	NT AUTHORITY\SYSTEM	C:\Program Files\Network Associates\Common Framework\McScript_InUse.exe	C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\UpdateOptions.ini	
6/15/2009	6:29:47 PM	Not scanned  (scan timed out) 	NT AUTHORITY\SYSTEM	C:\Program Files\Network Associates\Common Framework\FrameworkService.exe	C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_PIS14.xml	
6/15/2009	6:29:47 PM	Not scanned  (scan timed out) 	NT AUTHORITY\SYSTEM	C:\Program Files\Network Associates\Common Framework\McScript_InUse.exe	C:\Program Files\Common Files\McAfee\Engine\mcscan32.dll	
6/15/2009	6:29:48 PM	Not scanned  (scan timed out) 	NT AUTHORITY\SYSTEM	C:\Program Files\Network Associates\Common Framework\McScript_InUse.exe	C:\Program Files\Common Files\McAfee\Engine\config.dat	
6/15/2009	6:33:43 PM	Not scanned  (scan timed out) 	NT AUTHORITY\SYSTEM	C:\Program Files\Network Associates\Common Framework\FrameworkService.exe	C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_PIS14.xml	
6/15/2009	6:33:47 PM	Not scanned  (scan timed out) 	NT AUTHORITY\SYSTEM	C:\Program Files\Network Associates\Common Framework\FrameworkService.exe	C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\LastProp.xml	
6/15/2009	6:44:47 PM		Engine version                          =	5301.4018
6/15/2009	6:44:47 PM		AntiVirus   DAT version                 =	5651.0000
6/15/2009	6:44:47 PM		Number of detection signatures in EXTRA.DAT =	None
6/15/2009	6:44:47 PM		Names of detection signatures in EXTRA.DAT  =	None
6/16/2009	12:04:52 AM		Engine version                          =	5301.4018
6/16/2009	12:04:52 AM		AntiVirus   DAT version                 =	5652.0000
6/16/2009	12:04:52 AM		Number of detection signatures in EXTRA.DAT =	None
6/16/2009	12:04:52 AM		Names of detection signatures in EXTRA.DAT  =	None
6/16/2009	12:05:54 AM	Not scanned  (scan timed out) 	NT AUTHORITY\SYSTEM	C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe	C:\Program Files\Common Files\McAfee\Engine\mcscan32.dll	
6/16/2009	12:07:40 AM	Not scanned  (scan timed out) 	NT AUTHORITY\SYSTEM	C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe	C:\Program Files\Common Files\McAfee\Engine\mcscan32.dll	
6/16/2009	12:09:26 AM	Not scanned  (scan timed out) 	NT AUTHORITY\SYSTEM	C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe	C:\Program Files\McAfee\VirusScan Enterprise\EntVUtil.EXE	
6/16/2009	12:09:30 AM	Not scanned  (scan timed out) 	NT AUTHORITY\SYSTEM	C:\Program Files\Network Associates\Common Framework\FrameworkService.exe	C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_PIS14.xml	
6/16/2009	12:09:30 AM	Not scanned  (scan timed out) 	NT AUTHORITY\SYSTEM	C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe	C:\Program Files\Common Files\McAfee\Engine\mcscan32.dll	
6/16/2009	12:11:17 AM	Not scanned  (scan timed out) 	NT AUTHORITY\SYSTEM	C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe	C:\Program Files\Common Files\McAfee\Engine\mcscan32.dll	
6/16/2009	12:13:15 AM	Not scanned  (scan timed out) 	NT AUTHORITY\SYSTEM	C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe	C:\Program Files\Common Files\McAfee\Engine\mcscan32.dll	
6/16/2009	12:16:41 AM	Not scanned  (scan timed out) 	NT AUTHORITY\SYSTEM	C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe	C:\Program Files\McAfee\VirusScan Enterprise\Shutil.dll	
6/16/2009	12:17:37 AM	Not scanned  (scan timed out) 	NT AUTHORITY\SYSTEM	C:\Program Files\McAfee\VirusScan Enterprise\EntVUtil.EXE	C:\Program Files\McAfee\VirusScan Enterprise\vscan.bof	
6/16/2009	12:17:38 AM	Not scanned  (scan timed out) 	NT AUTHORITY\SYSTEM	C:\Program Files\Network Associates\Common Framework\FrameworkService.exe	C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Task\7.ini	
6/16/2009	12:17:39 AM	Not scanned  (scan timed out) 	NT AUTHORITY\SYSTEM	C:\Program Files\Network Associates\Common Framework\FrameworkService.exe	C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Task\TaskInternalData\7.ini	
6/16/2009	12:17:39 AM	Not scanned  (scan timed out) 	NT AUTHORITY\SYSTEM	C:\Program Files\Network Associates\Common Framework\FrameworkService.exe	C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Task\{74846D5F-3402-4F40-BCE1-E0BB8CCDCD46}.ini	
6/16/2009	12:18:32 AM	Not scanned  (scan timed out) 	NT AUTHORITY\SYSTEM	C:\Program Files\Network Associates\Common Framework\FrameworkService.exe	C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Task\TaskInternalData\5.ini	
6/16/2009	12:19:26 AM	Not scanned  (scan timed out) 	NT AUTHORITY\SYSTEM	C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe	C:\Program Files\Common Files\McAfee\Engine\mcscan32.dll	
6/16/2009	12:21:15 AM	Not scanned  (scan timed out) 	NT AUTHORITY\SYSTEM	C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe	C:\Program Files\Common Files\McAfee\Engine\mcscan32.dll	
6/16/2009	10:02:59 PM	Not scanned  (scan timed out) 	NT AUTHORITY\SYSTEM	C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe	C:\Program Files\Common Files\McAfee\Engine\avvscan.dat	
6/16/2009	10:02:59 PM		Engine version                          =	5301.4018
6/16/2009	10:02:59 PM		AntiVirus   DAT version                 =	5653.0000
6/16/2009	10:02:59 PM		Number of detection signatures in EXTRA.DAT =	None
6/16/2009	10:02:59 PM		Names of detection signatures in EXTRA.DAT  =	None
6/16/2009	10:03:59 PM	Not scanned  (scan timed out) 	NT AUTHORITY\SYSTEM	C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe	C:\Program Files\Common Files\McAfee\Engine\mcscan32.dll	
6/16/2009	10:05:43 PM	Not scanned  (scan timed out) 	NT AUTHORITY\SYSTEM	C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe	C:\Program Files\Common Files\McAfee\Engine\mcscan32.dll	
6/16/2009	10:06:41 PM	Not scanned  (scan timed out) 	NT AUTHORITY\SYSTEM	C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe	C:\Program Files\McAfee\VirusScan Enterprise\mfeapfa.dll	
6/16/2009	10:07:35 PM	Not scanned  (scan timed out) 	NT AUTHORITY\SYSTEM	C:\Program Files\Network Associates\Common Framework\FrameworkService.exe	C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_PIS14.xml	
6/16/2009	10:07:37 PM	Not scanned  (scan timed out) 	NT AUTHORITY\SYSTEM	C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe	C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\SiteList.xml	
6/16/2009	10:07:37 PM	Not scanned  (scan timed out) 	NT AUTHORITY\SYSTEM	C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe	C:\Program Files\Common Files\McAfee\Engine\mcscan32.dll	
6/16/2009	10:08:38 PM	Not scanned  (scan timed out) 	NT AUTHORITY\SYSTEM	C:\Program Files\Network Associates\Common Framework\McScript_InUse.exe	C:\WINNT\System32\stdole2.tlb	
6/16/2009	10:09:37 PM	Not scanned  (scan timed out) 	NT AUTHORITY\SYSTEM	C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe	C:\Program Files\Common Files\McAfee\Engine\mcscan32.dll	
6/16/2009	10:10:34 PM	Not scanned  (scan timed out) 	NT AUTHORITY\SYSTEM	\??\C:\WINNT\system32\winlogon.exe	C:\WINNT\System32\GroupPolicy\gpt.ini	
6/16/2009	10:11:37 PM	Not scanned  (scan timed out) 	NT AUTHORITY\SYSTEM	C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe	C:\Program Files\Common Files\McAfee\Engine\mcscan32.dll	
6/16/2009	10:13:51 PM	Not scanned  (scan timed out) 	NT AUTHORITY\SYSTEM	C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe	C:\Program Files\Common Files\McAfee\Engine\mcscan32.dll	
6/16/2009	10:15:47 PM	Not scanned  (scan timed out) 	NT AUTHORITY\SYSTEM	C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe	C:\Program Files\Common Files\McAfee\Engine\mcscan32.dll	
6/16/2009	10:15:51 PM	Not scanned  (scan timed out) 	NT AUTHORITY\SYSTEM	C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe	C:\Program Files\McAfee\VirusScan Enterprise\Shutil.dll	
6/16/2009	10:17:30 PM	Not scanned  (scan timed out) 	NT AUTHORITY\SYSTEM	C:\Program Files\Network Associates\Common Framework\FrameworkService.exe	C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\NextProp.xml	
6/16/2009	10:19:17 PM	Not scanned  (scan timed out) 	NT AUTHORITY\SYSTEM	C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe	C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\SiteList.xml	
6/16/2009	10:20:12 PM	Not scanned  (scan timed out) 	NT AUTHORITY\SYSTEM	C:\Program Files\Network Associates\Common Framework\McScript_InUse.exe	C:\WINNT\system32\rpcss.dll	
6/18/2009	12:06:30 AM	Not scanned  (scan timed out) 	NT AUTHORITY\SYSTEM	C:\Program Files\Network Associates\Common Framework\McScript_InUse.exe	C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\SiteStat.xml	
6/18/2009	12:06:30 AM		Engine version                          =	5301.4018
6/18/2009	12:06:30 AM		AntiVirus   DAT version                 =	5654.0000
6/18/2009	12:06:30 AM		Number of detection signatures in EXTRA.DAT =	None
6/18/2009	12:06:30 AM		Names of detection signatures in EXTRA.DAT  =	None
6/18/2009	12:07:06 AM	Not scanned  (scan timed out) 	NT AUTHORITY\SYSTEM	C:\Program Files\Network Associates\Common Framewo
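
An added example, not part of the original thread: a small Python triage script for the tab-separated McAfee log layout posted above. It groups the Buffer Overflow Protection blocks by target process, API and rule, and by the DAT version in force at the time, which shows whether blocks keep arriving after each signature update. The sample rows are a short excerpt of that log, and the field layout is an assumption inferred from it.

```python
from collections import Counter
from datetime import datetime

TS_FORMAT = "%m/%d/%Y %I:%M:%S %p"
BOP_ACTION = "Blocked by Buffer Overflow Protection"

def parse_line(line):
    """Parse one tab-separated row; return None for rows we do not classify."""
    fields = [f.strip() for f in line.rstrip("\r\n").split("\t")]
    if len(fields) < 5:
        return None
    try:
        when = datetime.strptime(fields[0] + " " + fields[1], TS_FORMAT)
    except ValueError:
        return None
    action = fields[2]
    if action == "" and fields[3].startswith("AntiVirus") and "DAT version" in fields[3]:
        return {"kind": "dat", "when": when, "version": fields[4]}
    if action == BOP_ACTION and len(fields) >= 6:
        # "C:\...\services.exe:KERNEL32.LoadLibraryA" -> process path and hooked API
        process, _, api = fields[4].rpartition(":")
        return {"kind": "bop", "when": when, "process": process,
                "api": api, "rule": fields[5]}
    if action.startswith("Not scanned") and len(fields) >= 6:
        return {"kind": "timeout", "when": when, "scanner": fields[4]}
    return None  # engine/EXTRA.DAT info rows and truncated rows end up here

def summarize(text):
    events, unparsed = [], 0
    for line in text.splitlines():
        if line.strip():
            ev = parse_line(line)
            if ev is None:
                unparsed += 1
            else:
                events.append(ev)
    # The posted log lists all block rows first, so order by time before
    # attributing each block to the DAT version loaded before it.
    events.sort(key=lambda e: e["when"])
    current_dat, block_times = None, []
    targets, by_dat, timeouts = Counter(), Counter(), Counter()
    for ev in events:
        if ev["kind"] == "dat":
            current_dat = ev["version"]
        elif ev["kind"] == "bop":
            targets[(ev["process"], ev["api"], ev["rule"])] += 1
            by_dat[current_dat] += 1
            block_times.append(ev["when"])
        else:
            timeouts[ev["scanner"]] += 1
    gaps = [int((b - a).total_seconds()) for a, b in zip(block_times, block_times[1:])]
    return {"blocks": len(block_times), "targets": targets,
            "blocks_by_dat": dict(by_dat), "timeouts": timeouts,
            "min_gap_seconds": min(gaps) if gaps else None, "unparsed": unparsed}

def _row(*fields):
    return "\t".join(fields)

_SYS = r"NT AUTHORITY\SYSTEM"
_SVC = r"C:\WINNT\system32\services.exe:KERNEL32.LoadLibraryA"
_DAT = "AntiVirus   DAT version                 ="
# Short excerpt of the log above (last row truncated, as in the post).
SAMPLE_LOG = "\n".join(
    [_row(d, t, BOP_ACTION + " ", _SYS, _SVC, "BO:Writable BO:Stack")
     for d, t in [("6/15/2009", "7:42:34 PM"), ("6/15/2009", "7:44:51 PM"),
                  ("6/16/2009", "12:38:39 AM"), ("6/18/2009", "12:58:29 AM"),
                  ("6/18/2009", "1:14:08 AM")]] + [
    _row("6/15/2009", "6:29:38 PM", "", _DAT, "5651.0000"),
    _row("6/16/2009", "12:04:52 AM", "", _DAT, "5652.0000"),
    _row("6/16/2009", "12:05:54 AM", "Not scanned  (scan timed out) ", _SYS,
         r"C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe",
         r"C:\Program Files\Common Files\McAfee\Engine\mcscan32.dll", ""),
    _row("6/18/2009", "12:06:30 AM", "", _DAT, "5654.0000"),
    _row("6/18/2009", "12:07:06 AM", "Not scanned  (scan timed out) ", _SYS,
         r"C:\Program Files\Network Associates\Common Framewo"),
])

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, "=", value)
```
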

The entries in your first log beginning with this time stamp give me a problem... 6/18/2009 3:05:17 PM -ok, give YOU a problem. We cannot be seen to be helping folks who circumvent legitimate software restrictions. You must delete these patches before we can offer advice.

I don't think they were the source of your infection, but again, I don't see why patches should contain trojans if license circumvention is all they were about.
Nice to have a hijackthis log, though.
==download hijackthis: http://www.majorgeeks.com/download5554.html
-copy it to a new FOLDER placed either alongside your program files or on your desktop and then... rename hijackthis.exe to imabunny.exe
-in that folder start HijackThis by double-clicking the .exe
-CLOSE ALL OTHER APPLICATIONS and any open windows including the explorer window containing HijackThis.
-click the Scan and Save a Logfile button. Post the log here.
Being now up to date with all patches is fine, but won't deal with an infection already in there. You might also try a rootkit scan... eg. GMER.


Please see this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:23 AM, on 6/19/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\PCI Audio Applications\Mixer.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\Colasoft Capsa 6.0 EE Demo\Capsa.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio Applications\Mixer.exe /startup
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{A085FE90-9F85-40B6-A747-0B697C896446}: NameServer = 203.145.184.47,203.145.184.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5A7CF32-E297-4547-9B4D-5181001BD4C8}: NameServer = 203.145.184.32,203.145.184.42
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\WinVNC.exe

--
End of file - 3560 bytes


You are in Chennai, I take it, aamdevan? Could you post the SAS and MBAM logs, please? They would be interesting for us. Your HJT log is clean, although I note that you could update IE to IE6 with W2000, SP4, for security purposes.
Perhaps try this scan....
==Please use IE or Firefox to do an online scan at panda:- http://www.pandasecurity.com/activescan/index/
-First Register [otherwise there will be no disinfection, merely detection] with a valid email address for the free online virus scan and follow through.
Unlike Kaspersky this scan does not require Java. Panda will clean only virii, but it is superb at listing other malwares which can then be targeted.
Please ATTACH to your post the log it produces.
