DOH!!  Now that's funny right there...

Dave

-----Original Message-----
From: Kurt Buff [mailto:[email protected]] 
Sent: Friday, March 12, 2010 7:50 AM
To: NT System Admin Issues
Subject: Re: Weird...

Like I said - you have malware.

Yours is commercial...

On Fri, Mar 12, 2010 at 07:12, David Lum <[email protected]> wrote:
> Solved:
> https://kc.mcafee.com/corporate/index?page=content&id=KB68448
>
> We just rolled out 8.7i Patch 3
> We have this rule in "warn only" mode, but would have been screwed if it had 
> been enabled.
>
> Dave
>
> -----Original Message-----
> From: Kurt Buff [mailto:[email protected]]
> Sent: Thursday, March 11, 2010 12:05 PM
> To: NT System Admin Issues
> Subject: Re: Weird...
>
> Not so weird.
>
> Lots of malware likes to attach itself to a native Windows process to
> hide itself, and explorer is probably the most popular.
>
> <AOL>
> You've got malware!
> </AOL>
>
> On Thu, Mar 11, 2010 at 11:19, David Lum <[email protected]> wrote:
>> So, McAfee can monitor all sorts of things. Normally I get 20-30 of these an
>> hour for various machines here, but today I’m getting *hundreds* an hour –
>> something’s up but I don’t know what it is.
>>
>> Threat name: Anti-virus Standard Protection:Prevent Windows Process spoofing
>> Source process name: C:\WINDOWS\Explorer.EXE
>> Target file name: C:\WINDOWS\explorer.exe
>>
>> David Lum // SYSTEMS ENGINEER
>> NORTHWEST EVALUATION ASSOCIATION
>> (Desk) 971.222.1025 // (Cell) 503.267.9764
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~