I am getting the following alerts and am not sure if they are a real threat or just one of my files requiring an update.
It seems to be different files each time, but the details always start out with "c:\4b75cf33f4fa19304a39d25b\hotfix.exe modified the memory of the Parent application".
Any ideas?
BD
Here is the first one:
Date/Time :2008-07-12 17:54:39
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (SERVICES.EXE)
Application: C:\WINNT\system32\SERVICES.EXE
Parent: c:\WINNT\system32\WINLOGON.EXE
Protocol: UDP Out
Destination: 192.168.0.1::dns(53)
Details: c:\4b75cf33f4fa19304a39d25b\hotfix.exe modified the memory of the Parent application c:\WINNT\system32\WINLOGON.EXE in memory.
Here is the second one:
Date/Time :2008-07-12 17:54:37
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (spoolsv.exe)
Application: C:\WINNT\system32\spoolsv.exe
Parent: C:\WINNT\system32\SERVICES.EXE
Protocol: UDP Out
Destination: 192.168.0.1::dns(53)
Details: c:\4b75cf33f4fa19304a39d25b\hotfix.exe modified the memory of C:\WINNT\system32\spoolsv.exe in memory.
No, all updates have been downloaded from Microsoft…however, the last update (Security Update for SQL Server 2005 Service Pack 2) was just downloaded today. It didn’t say I had to reboot, but I’m wondering if I reboot, will Comodo stop squawking?
On a different subject about Comodo, why do I see the same alerts over and over asking me to allow or block when I click remember my selection?