Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unauthorized access blocked (Open Process Token) every 5 seconds


  • Please log in to reply
3 replies to this topic

#1 Kenshiro24

Kenshiro24

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:05 AM

Posted 20 June 2010 - 10:48 PM

Hello,

I am getting Unauthorized access blocked (Open Process Token) every 5 seconds on my computer. This is showing up through Norton Security Suite as a medium threat but no action needed on my part. The actor is c:\windows\system32\taskeng.exe. It is targetting C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe.

What happen I was hit with a Trojan along with a rootkit if that is even possible. I got on the screen a message that some AV Software, that I don't have, has detected all these malware items on my machine. I closed my browser and tried to launch Malwarebyte's Anti-Malware but it said that the exe was infected and could not start. I had SuperAntiSpyware running on the systray so I ran a scan with that and it found 1 rogue, 3 fake AV items. Removed them and rebooted. After reboot ran Malwarebytes and it found 3 other rogues, removed them and rebooted. Came back up and noticed my proxy settings were changed so I ran tdskiller. It found one item and rebooted. Then the computer would not boot up, it ran file scan and then wouldn't boot saying a file was damaged. Selected boot from last good and the machine came up and everything is running good but that one thing in Nortons.

Has anyone else heard of this? Is this even an infection of malware? I have done a search on the site on Unauthorized access blocked (Open Process Token) but didn't see a fix for this. So before I dig myself a hole I cannot get out of without reformatting the whole computer I thought I should ask the experts.

Thank you for your time.

Edited by Orange Blossom, 20 June 2010 - 10:54 PM.
Move to AII as no logs posted and prep. guide not followed. ~ OB


BC AdBot (Login to Remove)

 


#2 Blathnat

Blathnat

  • Members
  • 224 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Canada
  • Local time:07:05 AM

Posted 16 July 2010 - 03:39 PM

The unauthorized access notification is caused by other programs and applications accessing Norton's files. Norton Tamper Prevention logs each access but since most things do access Norton to some extent it is quite normal and nothing to worry about.

You are very welcome to vist the Norton forums for any questions you might have about how your product works.

http://community.norton.com/

#3 Nasnema

Nasnema

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:05 PM

Posted 22 August 2010 - 11:53 AM

In my opinion, if any computer with Norton Internet Security is logging the fact that the door is being shut on some process several times a minute may mean that Norton is successfully protecting the computer but does not mean there isn't anything to worry about.

Take my case: a sub account got infected with a key logger and then these messages kept appearing whenever it was logged in. The cause was something that was running from [HKCU\Software\Microsoft\Windows\Run]. The entries in there were of random names and you couldn't delete them because they would reappear. You couldn't delete the DLLs or EXEs they pointed to either (in AppData\Local) , even when the account was not logged in and an administrator was doing it. The solution was to use safemode logged in as an administrator and delete the programs being access from the run key. Now everything is back to normal with none of these messages coming up. Another way would be to delete the account, all the user's folders and start again. This is another classic reason for never surfing from an administrator account.

So when Symantec representives on their forums say there is nothing to worry about, when clearly there is something wrong that their product is not properly dealing with, makes me wonder if some of their staff need training.

#4 Blathnat

Blathnat

  • Members
  • 224 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Canada
  • Local time:07:05 AM

Posted 07 November 2010 - 12:03 PM

I suspect that you may be confusing tamper protection with intrusion prevention. Anything showing as blocked in intrusion prevention should be looked at ASAP. Tamper protection, as I say, merely logs pokes at Norton files.




1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users