Hello everyone,
first of all, sorry for the similar topic, but I simply could not find a reply button in that topic, so I created a new one. If that's a problem, please join the topics, thanks.
And now, some facts about my problem. Every now and then, it's hard to say exactly when, but usually after the computer is turned on and Win XP SP3 is booted, Comodo says that services.exe tried to execute shellcode as a result of a buffer overflow attack. The problem is that when I hit the terminate button, that leaves me with a 60-second countdown and my computer restarts itself. I'm kind of worried that this might be some malware or something, because services.exe is an important part of the Windows system. I'm also running Avast antivirus and tried to use Spyware Terminator, performed a full system scan, and I also scanned the system with Avast antivirus, but nothing was found. Another thing I used was Procexp to examine the processes running on my system, but again, I did not find anything suspicious. The log file from Procexp follows:
Process PID CPU Description Company Name
System Idle Process 0 75.38
Interrupts n/a 1.54 Hardware Interrupts
DPCs n/a 3.08 Deferred Procedure Calls
System 4
smss.exe 1324 Správce relací systému Windows NT Microsoft Corporation
csrss.exe 1444 Client Server Runtime Process Microsoft Corporation
winlogon.exe 1476 Windows NT Logon Application Microsoft Corporation
services.exe 1524 Services and Controller app Microsoft Corporation
svchost.exe 1736 Generic Host Process for Win32 Services Microsoft Corporation
COCIManager.exe 5072 Camera Control Interface Logitech Inc.
COMServer2Helper.exe 3060
svchost.exe 1816 Generic Host Process for Win32 Services Microsoft Corporation
cmdagent.exe 588 COMODO Internet Security COMODO
svchost.exe 616 10.77 Generic Host Process for Win32 Services Microsoft Corporation
GoogleUpdate.exe 236 Instalační program Google Google Inc.
MsMpEng.exe 664 Service Executable Microsoft Corporation
svchost.exe 892 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 964 Generic Host Process for Win32 Services Microsoft Corporation
aswUpdSv.exe 1344 avast! Antivirus updating service ALWIL Software
ashServ.exe 1396 avast! antivirus service ALWIL Software
spoolsv.exe 552 Spooler SubSystem App Microsoft Corporation
Apache.exe 1236 Apache HTTP Server Apache Software Foundation
Apache.exe 2872 Apache HTTP Server Apache Software Foundation
LVComSer.exe 1264 Logitech Video COM Service Logitech Inc.
LVComSer.exe 4556 Logitech Video COM Service Logitech Inc.
LVPrcSrv.exe 2512 Logitech LVPrcSrv Module. Logitech Inc.
mysqld-nt.exe 2604
nvsvc32.exe 2672 NVIDIA Driver Helper Service, Version 181.20 NVIDIA Corporation
sp_rsser.exe 2724 Spyware Terminator Realtime Shield Service Crawler.com
sqlbrowser.exe 3216 SQL Browser Service EXE Microsoft Corporation
sqlwriter.exe 3268 SQL Server VSS Writer Microsoft Corporation
svchost.exe 3320 Generic Host Process for Win32 Services Microsoft Corporation
ashMaiSv.exe 2652 avast! e-Mail Scanner Service ALWIL Software
ashWebSv.exe 2808 avast! Web Scanner ALWIL Software
svchost.exe 4568 Generic Host Process for Win32 Services Microsoft Corporation
alg.exe 5116 Application Layer Gateway Service Microsoft Corporation
svchost.exe 5816 Generic Host Process for Win32 Services Microsoft Corporation
lsass.exe 1544 LSA Shell (Export Version) Microsoft Corporation
explorer.exe 1976 1.54 Průzkumník Windows Microsoft Corporation
TSVNCache.exe 416 TortoiseSVN status cache www.tortoisesvn.org
NvMixerTray.exe 1036 NVIDIA nForce Mixer Tray Application NVIDIA Corporation
MSASCui.exe 1072 Windows Defender User Interface Microsoft Corporation
Communications_Helper.exe 1092 Communications Manager Logitech Inc.
Quickcam.exe 1152 Camera Software Logitech Inc.
ashDisp.exe 1240 avast! service GUI component ALWIL Software
MBM5.exe 1260 MBM 5 Core EXE Alex van Kaam
rundll32.exe 1300 Run a DLL as an App Microsoft Corporation
cfp.exe 1536 COMODO Internet Security COMODO
ctfmon.exe 1912 CTF Loader Microsoft Corporation
daemon.exe 1932 Virtual DAEMON Manager DT Soft Ltd.
GoogleUpdate.exe 1268 Instalační program Google Google Inc.
firefox.exe 5928 Firefox Mozilla Corporation
foobar2000.exe 1824 foobar2000 Application
LastFM.exe 5324 Last.fm Last.fm
infium.exe 4860 1.54 QIP Infium QIP
SpywareTerminator.exe 4408 6.15 Crawler Spyware Terminator Crawler.com
procexp.exe 908 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
Could you please give me some advice on what to do? Is that probably some threat, or should I ignore it? Or should I try the new beta?
Thanks for any advice, and pardon my bad English.
EDIT: I found a log of Defense+ events, so now I know when the incidents happened:
First it showed on 22nd of Feb, then 9th of March, and then it started to appear more often – 4th, 7th and 14th of April (7th and 14th of April are the last two times I booted the computer). And I also forgot to mention that after the restart, the alert does not appear any more; the problem appears only after the first boot.