Member Avatar for charm

Here is a sample of warning messages that the Symantec AV tamper protection pops up... Also, below that I have something interesting that shows up when I do a full system scan.. it starts scanning with \\.\c:\WINTNT ... wtf? I don't think that is what it normally starts with which has me worried.

Target: C:\Program Files\Symantec AntiVirus\DoScan.exe
Event Info: Open Process
Action Taken: Blocked
Actor Process: C:\WINNT\system32\rundll32.exe (PID 1720)
Time: Wednesday, September 14, 2005
11:19:20 AM

SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Event Info: Open Process
Action Taken: Blocked
Actor Process: C:\WINNT\system32\rundll32.exe (PID 1720)
Time: Wednesday, September 14, 2005 11:19:22 AM

SYMANTEC TAMPER PROTECTION ALERT

Target: C:\PROGRA~1\SYMANT~1\VPTray.exe
Event Info: Open Process
Action Taken: Blocked
Actor Process: C:\WINNT\system32\rundll32.exe (PID 1720)
Time: Wednesday, September 14, 2005 11:19:22 AM

===

rundll32.exe is also a process which is registered as the W32.Miroot.Worm

====


Symantec Starts full scan with:

\\.\C:\WINNT\Temp

  • 2 Contributors
  • 1 Reply
  • 109 Views
  • 9 Hours Discussion Span
  • Latest Post Latest Post by swatkat
Member Avatar for swatkat

Hi,
I would suggest you to run Online virus scan at Panda ActiveScan (with "Disinfection" option enabled) and Trend Micro HouseCall (with "Auto Clean" option enabled).

Also, download CCleaner and install it. Run it, click "Options" button and here go to "Advanced" tab and uncheck the option "Only delete files in Windows Temp folder older than 48 hours". Click OK to exit from the Options. Finally click "Run Cleaner" and click "OK" to continue cleaning.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.