Solved: https://kc.mcafee.com/corporate/index?page=content&id=KB68448
We just rolled out 8.7i Patch 3. We have this rule in "warn only" mode, but would have been screwed if it had been enabled.

Dave

-----Original Message-----
From: Kurt Buff [mailto:[email protected]]
Sent: Thursday, March 11, 2010 12:05 PM
To: NT System Admin Issues
Subject: Re: Weird...

Not so weird. Lots of malware likes to attach itself to a native Windows process to hide itself, and explorer is probably the most popular.

<AOL> You've got malware! </AOL>

On Thu, Mar 11, 2010 at 11:19, David Lum <[email protected]> wrote:
> So, McAfee can monitor all sorts of things. Normally I get 20-30 of these an
> hour for various machines here, but today I’m getting *hundreds* an hour –
> something’s up but I don’t knows what it is.
>
> Threat name: Anti-virus Standard Protection:Prevent Windows Process spoofing
>
> Source process name: C:\WINDOWS\Explorer.EXE
>
> Target file name: C:\WINDOWS\explorer.exe
>
> David Lum // SYSTEMS ENGINEER
> NORTHWEST EVALUATION ASSOCIATION
> (Desk) 971.222.1025 // (Cell) 503.267.9764

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
