MsMpEng.exe might be infected



#1 wymore


Posted 15 April 2010 - 02:34 PM

I think I have a problem with one of my heap memory pages. I ran ThreatExplorer Memory Scanner and it came back with two malicious items in the heap memory page. The log is posted. Any help would be greatly appreciated. Thank you.


Full Scan Summary:

* Scan details:
o Scan started: Thursday, April 15, 2010 13:41:21
o Scan time: 02 minutes, 40 seconds
o Number of memory objects scanned: 5646
+ processes: 28
+ modules: 1486
+ heap pages: 4132
o Number of suspicious memory objects detected: 0
o Number of malicious memory objects detected: 2
o Overall Risk Level: High

* Summary of the detected threat characteristics:

Severity Level What's been found


A network-aware worm that uses known exploit(s) in order to replicate across vulnerable networks.

* Process "MsMpEng.exe", heap page: [0x06020000 - 0x06060000]
* Process "MsMpEng.exe", heap page: [0x060e0000 - 0x06120000]



MS04-011: LSASS Overflow exploit - replication across TCP 445 (common for Sasser, Bobax, Kibuv, Korgo, Gaobot, Spybot, Randex, other IRC Bots).

* Process "MsMpEng.exe", heap page: [0x06020000 - 0x06060000]
* Process "MsMpEng.exe", heap page: [0x060e0000 - 0x06120000]

* Summary of the detected memory objects:

Severity Level Memory Object


Process "MsMpEng.exe", heap page: [0x06020000 - 0x06060000]

* A network-aware worm that uses known exploit(s) in order to replicate across vulnerable networks.
* MS04-011: LSASS Overflow exploit - replication across TCP 445 (common for Sasser, Bobax, Kibuv, Korgo, Gaobot, Spybot, Randex, other IRC Bots).



Process "MsMpEng.exe", heap page: [0x060e0000 - 0x06120000]

* A network-aware worm that uses known exploit(s) in order to replicate across vulnerable networks.
* MS04-011: LSASS Overflow exploit - replication across TCP 445 (common for Sasser, Bobax, Kibuv, Korgo, Gaobot, Spybot, Randex, other IRC Bots).
