
Here is a sample of the warning messages that the Symantec AV tamper protection pops up... Also, below that I have something interesting that shows up when I do a full system scan: it starts scanning with \\.\c:\WINTNT ... wtf? I don't think that is what it normally starts with, which has me worried.

Target: C:\Program Files\Symantec AntiVirus\DoScan.exe
Event Info: Open Process
Action Taken: Blocked
Actor Process: C:\WINNT\system32\rundll32.exe (PID 1720)
Time: Wednesday, September 14, 2005 11:19:20 AM

SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Event Info: Open Process
Action Taken: Blocked
Actor Process: C:\WINNT\system32\rundll32.exe (PID 1720)
Time: Wednesday, September 14, 2005 11:19:22 AM

SYMANTEC TAMPER PROTECTION ALERT

Target: C:\PROGRA~1\SYMANT~1\VPTray.exe
Event Info: Open Process
Action Taken: Blocked
Actor Process: C:\WINNT\system32\rundll32.exe (PID 1720)
Time: Wednesday, September 14, 2005 11:19:22 AM

===

rundll32.exe is also a process which is registered as the W32.Miroot.Worm

====


Symantec Starts full scan with:

\\.\C:\WINNT\Temp

Last Post by swatkat

Hi,
I would suggest you run an online virus scan at Panda ActiveScan (with the "Disinfection" option enabled) and Trend Micro HouseCall (with the "Auto Clean" option enabled).

Also, download CCleaner and install it. Run it, click the "Options" button, go to the "Advanced" tab and uncheck the option "Only delete files in Windows Temp folder older than 48 hours". Click OK to exit from the Options. Finally, click "Run Cleaner" and click "OK" to continue cleaning.
