Author Topic: defense+ shellcode injection & modify key...should i be very worried?  (Read 552 times)
emhami2009
Newbie

Posts: 9


« on: November 17, 2009, 12:34:26 PM »

Hello,

I am attaching a jpeg copy of the print screen showing my defense+ events - I wonder if anyone could tell me if I should be really worried about the 2 that keep occurring regularly:

1)   shellcode injection from svchost.exe (when I get the warning it talks of a possible buffer overflow attack - & I have learnt that it is best not to respond - as if I tell it to stop svchost the computer becomes unresponsive - but to just close all windows & reboot)

2)  the 'modify key' question keeps on popping up when I close down  - if I get time - sometimes it flies off the screen too quickly - I block this request.


Many thanks for any help/advice you are able to give me.

Em.
aditya_dmj
Comodo Loves me

Posts: 102


« Reply #1 on: November 24, 2009, 07:05:16 AM »

Try disabling D+ for a while (untick the shell execution part).
If there is one, the svchost will crash as it runs protected under DEP (you will know whether it is for real or a false alert). No harm to the computer will be done except hanging, and you will have to reboot.

-- The second strange thing is that services is modifying controlset002 (does this happen just after reboot?); if it happens just after reboot you can allow it.

- Probably in the past you have made use of "last known good configuration".

- About ShellCodeExecution (it appears so, I am not sure, some program is trying to achieve elevated privilege). Try disabling mbam and super antispyware for a while.

Regards

Adi
EricJH
Global Moderator
Comodo's Hero

Posts: 5810



« Reply #2 on: November 29, 2009, 08:00:14 PM »

What OS are you using? Is it up to date with all the latest updates?

The shellcode injection error message may also indicate an error rather than an attack. When this message occurs, a buffer overflow (BO) was found. The BO is a type of error in a program; this type of error can also be exploited by malware.

When scanning your computer with several antimalware and rootkit scanners doesn't show malware, it is safe to assume you found a crash of svchost.exe.

Please read: Introduction to the Sandbox

Using CIS v4 and always the latest snapshot of Opera browser.

AMD Phenom 925 quad core with 4 GB RAM on MSI 785G E53
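
An added triage example, not part of any post above and not Comodo tooling: a read-only PowerShell check that shows the DEP policy mentioned in Reply #1, which services each running svchost.exe hosts, and whether Windows recorded svchost.exe crashes, the non-malicious explanation raised in Reply #2. It assumes Windows Vista or later with PowerShell 3.0+ and an elevated prompt; the 14-day window is an arbitrary choice.

```powershell
# Added example (not from the thread). Read-only: it changes nothing on the system.

# 1. System-wide DEP policy, as reported by WMI.
$depNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$policy = [int]$os.DataExecutionPrevention_SupportPolicy
"DEP available: $($os.DataExecutionPrevention_Available)"
"DEP policy   : $policy ($($depNames[$policy]))"

# 2. Which services live in which svchost.exe process. When an alert names
#    svchost.exe, the PID tells you which service group was involved.
"`nsvchost.exe instances and the services they host:"
Get-CimInstance -ClassName Win32_Service -Filter "State = 'Running'" |
    Where-Object { $_.PathName -match 'svchost\.exe' } |
    Group-Object -Property ProcessId |
    ForEach-Object {
        '{0,6}  {1}' -f $_.Name, (($_.Group.Name | Sort-Object) -join ', ')
    }

# 3. Crashes Windows itself logged for svchost.exe (Application Error, ID 1000).
#    The message names the faulting module and the exception code;
#    0xc0000005 is an access violation, which is also what a DEP stop raises.
$filter = @{
    LogName      = 'Application'
    ProviderName = 'Application Error'
    Id           = 1000
    StartTime    = (Get-Date).AddDays(-14)   # assumed look-back window
}
$crashes = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'svchost\.exe' }

"`nsvchost.exe crash events in the last 14 days: $(@($crashes).Count)"
$crashes | Sort-Object TimeCreated |
    Format-List -Property TimeCreated, Message
```

Crash events whose timestamps line up with the Defense+ alerts, and that name the same faulting module each time, point to a faulty service or an interfering program rather than an attack; that module is the thing to update or remove.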