I’ve recently had two apps request permission to access COM interface:
Both applications requested COM interface to:
This is wholly and utterly non-germane (not to mention alarming). Both requests were denied, and ‘remember this’. CIS crashed while reviewing logs. The files generated by the crash have been zipped and attached.
I’ve had something similar happen about a month or two ago: CIS alert requested permission for BOINCmgr to execute a WAU exe. The resulting carnage was grimace proportions. :o
What make you of this? Root-kit?
A/O now up-time = 9hr 00 min and there have been 235 ‘intrusions’
Event log shows the following relevant events recorded during the previous 9 hours:
14:41:11 EDT blocked file modieus.zip in Content_IE5 (once) - per D+ blocking rule of Content_IE5 folder
20:32:59 6/10/11 EDT soffice.bin access COM interface boincmgr.exe
23:09:xx 6/10/11 EDT soffice.bin access COM interface boincmgr.exe (close SCalc - last entry soffice.bin)
00:12:08 6/11/11 EDT FTPVoyager asked TCP out from [NIC] to [IP] src port 4434 dest port 64545 (dest port not in [url dest port list]) - 4 entries (allowed - not remembered)
00:14:28 6/11/11 EDT FTPVoyager asked TCP out from [NIC] to [IP] src port 4436 dest port 2752 (dest port not in [url dest port list]) - 3 entries (allowed - not remembered)
00:12:19 6/11/11 EDT FTPVoyager access COM interface boincmgr (open FTPVoyager - first D+ log entry)
00:20:19 6/11/11 EDT FTPVoyager access COM interface boincmgr.exe (150th entry for FTPVoyager)
00:28:52 6/11/11 EDT modify file CISDumps.zip
[attachment deleted by admin]