Indy Sabre
Sabre Rider From Indianapolis

join:2003-10-02


SAV 10 just started flagging hosts entries

Just tonight, SAV 10's Startup auto generated quick scan just started finding and trying to remove entries in my hosts file.

I am running the latest MVPS hosts file and SAV is finding entries such as *.mcafee.com and *.CA.com.

Just wondered if anyone else has started to see this?

PrntRhd

join:2004-11-03
Fairfield, CA
·Comcast
·Comcast Formerly ..

Re: SAV 10 just started flagging MVPS hosts entries

Oh great, now another issue with Symantec AVs conflicting with security software.
See the others:
»Norton and SpywareBlaster updates causing FP (likely)
»CCleaner now installs with adware?

Indy Sabre
Sabre Rider From Indianapolis

join:2003-10-02

reply to Indy Sabre
Well, I may have been wrong. It kept flagging, so I did a full scan and SAV found this -

Adware.SystemProcess

Updated: February 13, 2007 11:46:22 AM
Type: Adware
Version: 1.0.0.1
Risk Impact: High
File Names: ccapp.exe,navshext.dll
Systems Affected: Windows 2000, Windows 98, Windows CE, Windows Me, Windows NT, Windows Server 2003, Windows XP

It was weird that I got hit with this since I surf XP in a limited account with SAV 10, Windows Defender, SpywareBlaster and MVPS hosts running realtime. I use Firefox with NoScript.

Tech details from SAV -

When Adware.SystemProcess is executed, it performs the following actions:

Creates the following files:

%System%\ccapp.exe
%System%\navshext.dll
%System%\p.dat
%System%\system.dat

Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

Downloads the following file:

%System%\ustart.exe (This is detected as Adware.WintaskAd.)

Creates the following registry subkeys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Startup
HKEY_LOCAL_MACHINE\SOFTWARE\System Process
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB}
HKEY_USERS\S-1-5-21-448539723-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\anrdoezrs.net
HKEY_USERS\S-1-5-21-448539723-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bfast.com
HKEY_USERS\S-1-5-21-448539723-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\cc-dt.com
HKEY_USERS\S-1-5-21-448539723-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\commission-junction.com
HKEY_USERS\S-1-5-21-448539723-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\dpbolvw.net
HKEY_USERS\S-1-5-21-448539723-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastclick.com
HKEY_USERS\S-1-5-21-448539723-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastclick.net
HKEY_USERS\S-1-5-21-448539723-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\jdoqocy.com
HKEY_USERS\S-1-5-21-448539723-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\kqzyfj.com
HKEY_USERS\S-1-5-21-448539723-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\linksynergy.com
HKEY_USERS\S-1-5-21-448539723-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\qksrv.net
HKEY_USERS\S-1-5-21-448539723-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\tkqlhce.com

Adds the value:

"*.system-processes.com" = ""

to the registry subkey:

HKEY_USERS\S-1-5-21-448539723-413027322-839522115-1003\Software\Microsoft\Internet Explorer\New Windows\Allow

Adds the value:

"%Windir%\system32\ccapp.exe" = "%Windir%\system32\ccapp.exe:*:Enabled:System Process"

to the registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Adds the value:

"System Process Uninstall" = "%Windir%\system32\ccapp.exe UAF"

to the registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

**********

Doing adaware and defender scans now.


MagMan
Life is simpler when you tell the truth.
Premium
join:2003-10-01
Westlake, OH
·AT&T Midwest

Welcome to the club.

»Norton and SpywareBlaster updates causing FP (likely)
»CCleaner now installs with adware?
--
"The truth is incontrovertible, malice may attack it, ignorance may deride it, but in the end; there it is."


NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
Murfreesboro, TN
·AT&T Southeast
·Vonage
·Cingular Wireless
·AT&T CallVantage

reply to Indy Sabre
I don't see any *.mcafee.com and *.ca.com entries, but the latest release of the MVPS hosts file does contain entries for:

ads.mcafee.com
directads.mcafee.com
sdc.mcafee.com

sdc.ca.com

SAV may be a bit paranoid for flagging those entries, but they are definitely mcafee.com and ca.com entries, and modifying the DNS response for security sites is certainly a not uncommon tactic used by malware purveyors.

I doubt that SAV is targeting MVPS. It is more likely that they just got a bit sloppy with their hosts file interpretation.
--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower
Test your firewall.
Smell the flowers.
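
Added example (not part of the thread, and not Symantec's or MVPS's code): a hosts-file audit that follows the point in the post above, matching vendor names on label boundaries and separating loopback blocking entries from entries that send a security vendor's hostname to some other address. The vendor list, the sample file and the function names are assumptions made for illustration.

```python
import ipaddress

# Assumption: illustrative vendor list; extend it with the vendors you rely on.
SECURITY_DOMAINS = ("mcafee.com", "ca.com", "symantec.com")

# Constructed sample: the mcafee.com/ca.com names are the ones quoted in the
# thread; the last two lines are invented (a redirect and a look-alike name).
SAMPLE_HOSTS = """\
# MVPS-style blocking entries
127.0.0.1  localhost
127.0.0.1  ads.mcafee.com
127.0.0.1  directads.mcafee.com  sdc.mcafee.com   # two names on one line
0.0.0.0    sdc.ca.com
203.0.113.7  liveupdate.symantec.com
127.0.0.1  ads.notmcafee.com
"""

def parse_hosts(text):
    """Yield (address, hostname) pairs, ignoring comments and blank lines."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address field: not a usable entry
        for name in fields[1:]:
            yield addr, name.lower().rstrip(".")

def vendor_of(hostname):
    """Return the vendor domain only on a label-boundary match, else None."""
    return next((d for d in SECURITY_DOMAINS
                 if hostname == d or hostname.endswith("." + d)), None)

def audit(text):
    """Classify every security-vendor entry as 'sinkhole' or 'redirect'."""
    findings = []
    for addr, name in parse_hosts(text):
        if vendor_of(name) is None:
            continue
        # Loopback/unspecified only blocks the name; anything else reroutes it.
        kind = "sinkhole" if addr.is_loopback or addr.is_unspecified else "redirect"
        findings.append((name, str(addr), kind))
    return findings

if __name__ == "__main__":
    for name, addr, kind in audit(SAMPLE_HOSTS):
        print(f"{kind:8} {name} -> {addr}")
```

Sinkhole findings are what an ad-blocking hosts file such as MVPS produces; a redirect finding for a vendor hostname is the case worth investigating.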

Indy Sabre
Sabre Rider From Indianapolis

join:2003-10-02


reply to MagMan
Re: SAV 10 just started flagging hosts entries

I just checked my SpywareBlaster and I have 6 entries now disabled in IE protection like mentioned in the other thread.

Defender and Adware came back clean.

Looks like SAV FP seeing SpywareBlaster entries... sorry I jumped the gun thinking it was MVPS Hosts.


MagMan
Life is simpler when you tell the truth.
Premium
join:2003-10-01
Westlake, OH
·AT&T Midwest

Re: SAV 10 just started flagging MVPS hosts entries

Yes we have been having this discussion all day here in the security forum. My opinion is it is a FP that will hopefully be corrected soon by Norton.

Amysheehan has submitted the above threads to Symantec; should have answers tomorrow.
--
"The truth is incontrovertible, malice may attack it, ignorance may deride it, but in the end; there it is."


amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
·RoadRunner Cable

said by MagMan:

Yes we have been having this discussion all day here in the security forum. My opinion is it is a FP that will hopefully be corrected soon by Norton.

Amysheehan has submitted the above threads to Symantec; should have answers tomorrow.

Yes, I have sent this topic over to Symantec for resolution.
[ This reminder - my contact probably won't get the info until early Monday morning east coast time ]

Thanks for your patience.

-amy-


--
DSLR Phishtracker

mrsplants

join:2005-10-27
East Falmouth, MA
I got this too on one of my PCs; it's in quarantine right now. I didn't know what to do about it. I don't have spyblaster installed on this PC. I do have Spybot S&D and I ran that; it's OK but it didn't pick this up.


amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
·RoadRunner Cable


 reply to Indy Sabre
Issue resolved --- 12 November

Full info

The first set of definitions containing the fixed script is –
Rapid Release Sequence – 75350
Version – 12th November 2007 (rev. 020)
NOTE: Please make sure to select the appropriate release for your version and Operating System.

These updates will be available using the certified definitions from the 13th onwards.

Many thanks to my friends at Symantec who worked this issue today [ a holiday ] and got back to me with the official word before 5PM Pacific !!!!

Link to rapid release definitions:
»www.symantec.com/avcenter/rapidr···oad.html

-amy-

--
DSLR Phishtracker


amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
·RoadRunner Cable

reply to Indy Sabre
Re: SAV 10 just started flagging hosts entries

Please post any follow-up info to this consolidated thread here »NAV/ SAV defintions release for 'weekend bug-fixes'
It will be used to follow up all the issues pre and post definitions update for more follow-thru by Symantec and the teams who work to make products interact properly for everyone's best interests.

Thank you-
amy


--
DSLR Phishtracker