I think I have a problem with one of my heap memory pages . I ran ThreatExplorer Memory Scanner and it came back with two malicious items in the heap memory page. The log is posted. Any help would be greatly appreciated. Thank You
Full Scan Summary:
* Scan details:
o Scan started: Thursday, April 15, 2010 13:41:21
o Scan time: 02 minutes, 40 seconds
o Number of memory objects scanned: 5646
+ processes: 28
+ modules: 1486
+ heap pages: 4132
o Number of suspicious memory objects detected: 0
o Number of malicious memory objects detected: 2
o Overall Risk Level: High
* Summary of the detected threat characteristics:
Severity Level What's been found
A network-aware worm that uses known exploit(s) in order to replicate across vulnerable networks.
View detected locations
* Process "MsMpEng.exe", heap page: [0x06020000 - 0x06060000]
* Process "MsMpEng.exe", heap page: [0x060e0000 - 0x06120000]
MS04-011: LSASS Overflow exploit - replication across TCP 445 (common for Sasser, Bobax, Kibuv, Korgo, Gaobot, Spybot, Randex, other IRC Bots).
View detected locations
* Process "MsMpEng.exe", heap page: [0x06020000 - 0x06060000]
* Process "MsMpEng.exe", heap page: [0x060e0000 - 0x06120000]
* Summary of the detected memory objects:
Severity Level Memory Object
Process "MsMpEng.exe", heap page: [0x06020000 - 0x06060000]
View detected characteristics
* A network-aware worm that uses known exploit(s) in order to replicate across vulnerable networks.
* MS04-011: LSASS Overflow exploit - replication across TCP 445 (common for Sasser, Bobax, Kibuv, Korgo, Gaobot, Spybot, Randex, other IRC Bots).
Process "MsMpEng.exe", heap page: [0x060e0000 - 0x06120000]
View detected characteristics
* A network-aware worm that uses known exploit(s) in order to replicate across vulnerable networks.
* MS04-011: LSASS Overflow exploit - replication across TCP 445 (common for Sasser, Bobax, Kibuv, Korgo, Gaobot, Spybot, Randex, other IRC Bots).
Back to top
