MalwareBytes (www.malwarebytes.org) is a good download to help clean stuff that your antivirus won't / can't clean. I've seen several times where your antivirus may report a problem but won't clean it and MWB will take care of it right away!
-----Original Message-----
From: Angus Scott-Fleming [mailto:angu...@geoapps.com]
Sent: Wednesday, August 05, 2009 9:38 AM
To: NT System Admin Issues
Subject: Re: Virus?

On 4 Aug 2009 at 14:39, RAY ZORZ wrote:

> Our McAfee is picking up a buffer overflow error on IE. The actual .exe
> changes, but the path is the same each time:
>
> C:\Documents and Settings\username\Application Data\upnpsvc.exe
> (Trojan.Agent)
>
> McAfee doesn't seem to clean it, just report it.
>
> Does this look familiar to anyone?

Looks like malware according to a quick scan of results from this search:

http://www.google.com/search?q=upnpsvc.exe

You can submit it to McAfee for examination here:

McAfee Avert(r) Labs WebImmune
https://www.webimmune.net/default.asp

You can bring up your problems WRT what McAfee is seeing/doing (or not doing) in the McAfee Community forums here:

CORPORATE PROTECTION IN BUSINESS ENVIRONMENT - McAfee Support Forums
http://community.mcafee.com/forumdisplay.php?f=122

I searched the forums for "upnpsvc.exe" and found nothing. However, it is listed once in the McAfee VIL:

BackDoor-AWQ.b!28a72340cbb6
http://vil.nai.com/vil/content/v_164324.htm

...Other detections that have been observed.
FileName %USERPROFILE%\application data\upnpsvc.exe
Name: Generic BackDoor.u

HTH

Angus

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~