eEye Digital Security

Explorer.exe infected...?

Last post 06-04-2009 8:37 PM by Blue1978. 6 replies.
  • 06-03-2009 6:22 AM

    Explorer.exe infected...?

    Hello,

    It seems I have a bit of malware on my PC (Windows XP, SP3, IE8). In the Blink logs, I see things like:

     Severity: High
     Description: Blink stopped an unprivileged WriteProcessMemory call. If you believe this application is not malicious, you can add it to a list of approved applications in the Config\apiex.ini file using this format 'FilePath;[Optional MD5];WriteProcessMemory;0'
     Alert: Yes
     Caller PID: 2044
     Caller process: C:\WINDOWS\Explorer.EXE

    But, I ran a full scan of the system, and it turned up nothing. I also had it scan that particular file, and it said there is no threat.

    I am assuming that I am infected with something, and that Blink is missing it...?

    Using Blink Professional 4.3.1, Rule version 1512.  Antivirus Version 1.0.665.  Vulnerability Scanner version 5.10.11. Audits version 2061

  • 06-03-2009 8:49 AM In reply to

    Re: Explorer.exe infected...?

    Realized I was a bit out of date, so I updated.  Running a new scan using the latest.  Hope this helps...

    Blink Professional 4.3.2

    Rule version 1521. 

    Antivirus Version 1.0.694. 

    Vulnerability Scanner version 5.10.12.

    Audits version 2085

  • 06-03-2009 1:30 PM In reply to

    Re: Explorer.exe infected...?

         Are you still seeing the alert now when trying to use IE?  Either it was a false-positive (because of the way something was interacting with IE) or Blink did stop something from maliciously using IE's process to continue on with its own execution.  As far as running a scan on your system, since Blink terminated whatever was trying to use IE's process nothing else was able to execute because of this, so there is probably nothing wrong with your system at this point.  Whatever was trying to execute, was stopped in its tracks from doing so.

         By any chance do you know what you were doing at the time or where you were surfing to with IE when this alert popped up? If you're not happy and still would like more help, you are entitled to support (since you're a Blink Professional user) from your portal at:

    https://www.eeye.com/clients/login.html?access=0&target=&rnd=090603.135215.765344.474

  • 06-04-2009 7:35 AM In reply to

    Re: Explorer.exe infected...?

     It looks like this happens when I first log into the system. 12 attempts were made (like the previous event posted), followed by this event:

    Event ID: BLINK-AFW-17
     Severity: Information
     Description: Traffic allowed in Passive mode
     Alert: No
     Protocol: IP
     Protocol: TCP
     Type: Server request
     Process Path: C:\WINDOWS\explorer.exe
     Process Name: explorer.exe
     Local Port: 30864
     Request: Allowed
     MD5: 12896823FB95BFB3DC9B46BCAEDC9923

    Seems like I have something in the system that is trying to do something.  Even if Blink is stopping it from succeeding, I would still like to remove it.
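    The two log entries quoted in this thread share a shape (blank-line-separated blocks of "Key: Value" lines), which makes them easy to triage with a short script. The following is an added example, not eEye's or Blink's own code, that parses such blocks, counts the blocked WriteProcessMemory calls per caller, and attaches any firewall event in which the same binary later used the network, the logon pattern described above; the sample log is constructed to mirror the quoted entries, and the layout is assumed from this post, not from a Blink file specification.

```python
from collections import Counter, defaultdict

# Constructed sample in the layout quoted in this thread: blank-line-separated
# blocks of "Key: Value" lines (not a real Blink log export).
SAMPLE_LOG = r"""
Severity: High
Description: Blink stopped an unprivileged WriteProcessMemory call.
Alert: Yes
Caller PID: 2044
Caller process: C:\WINDOWS\Explorer.EXE

Severity: High
Description: Blink stopped an unprivileged WriteProcessMemory call.
Alert: Yes
Caller process: C:\WINDOWS\Explorer.EXE

Event ID: BLINK-AFW-17
Description: Traffic allowed in Passive mode
Alert: No
Protocol: IP
Protocol: TCP
Process Path: C:\WINDOWS\explorer.exe
Local Port: 30864
"""


def parse_events(text):
    """Split the log into dicts; a repeated key (the two 'Protocol' lines) is joined with '/'."""
    events, current = [], {}
    for line in text.splitlines():
        if not line.strip():  # a blank line ends an event block
            if current:
                events.append(current)
                current = {}
            continue
        key, _, value = (s.strip() for s in line.partition(":"))  # first colon only; paths keep theirs
        current[key] = f"{current[key]}/{value}" if key in current else value
    return events + ([current] if current else [])


def correlate(events):
    """Count blocked WriteProcessMemory calls per caller (case-insensitive path) and
    attach any firewall event in which the same binary then used the network."""
    blocked = Counter(ev.get("Caller process", "?").lower() for ev in events
                      if ev.get("Alert") == "Yes" and "WriteProcessMemory" in ev.get("Description", ""))
    network = defaultdict(list)
    for ev in events:
        path = ev.get("Process Path", "").lower()
        if path in blocked and "Local Port" in ev:
            network[path].append(f"{ev.get('Event ID', '?')} {ev.get('Protocol', '?')} port {ev['Local Port']}")
    return {p: {"blocked_calls": n, "network_events": network[p]} for p, n in blocked.items()}
```

A caller that is repeatedly blocked and then opens a listening port is the combination worth chasing with Process Explorer, as the later replies suggest.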

  • 06-04-2009 1:29 PM In reply to

    Re: Explorer.exe infected...?

         Have you tried using the tool ProcessExplorer to see what might be starting it?

         http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

        You might not be able to run this tool in time upon logging into your system, but it is worth a try. It has the ability to show you any new processes that are launched and what is directly launching them. If you have not used ProcessExplorer before, you enable this feature by going to View at the top and then by making sure the "Show New Processes" function is enabled (this is not set by default).

    Maybe eEye can assist further with this. I would recommend submitting a ticket also in your portal and seeing if they know of any tools that can help you locate what is causing this.

  • 06-04-2009 6:24 PM In reply to

    • bpatten
    • Top 10 Contributor
    • Joined on 09-24-2007
    • Irvine, CA
    • Posts 125

    Re: Explorer.exe infected...?

    He's right. I would suggest starting with Process Explorer to see what DLLs Explorer.exe is using. Process Explorer will also show you what programs are being called from another. Sometimes you see DLLs related to 3rd party apps like Synaptics (usually found on a laptop with touchpad).

  • 06-04-2009 8:37 PM In reply to

    Re: Explorer.exe infected...?

     What if it is a third party application? That means every time he starts his system Blink will be choking on it until something is done about it.

© 1995 - 2009 eEye Incorporated