On 4 Aug 2009 at 14:39, RAY ZORZ wrote:
> Our McAfee is picking up a buffer overflow error on IE. The actual .exe
> changes, but the path is the same each time:
>
> C:\Documents and Settings\username\Application Data\upnpsvc.exe
> (Trojan.Agent)
>
> McAfee doesn't seem to clean it, just report it.
>
> Does this look familiar to anyone?
Looks like malware according to a quick scan of results from this search:
http://www.google.com/search?q=upnpsvc.exe
You can submit it to McAfee for examination here:
McAfee Avert(r) Labs WebImmune
https://www.webimmune.net/default.asp
You can bring up your problems WRT what McAfee is seeing/doing (or not doing)
in the McAfee Community forums here:
CORPORATE PROTECTION IN BUSINESS ENVIRONMENT - McAfee Support Forums
http://community.mcafee.com/forumdisplay.php?f=122
I searched the forums for "upnpsvc.exe" and found nothing. However, it is
listed once in the McAfee VIL:
BackDoor-AWQ.b!28a72340cbb6
http://vil.nai.com/vil/content/v_164324.htm
...Other detections that have been observed.
FileName %USERPROFILE%\application data\upnpsvc.exe
Name: Generic BackDoor.u
HTH
Angus
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
