General discussion

Locked

MSsoft A-ware Clean - Ad-Ware/Spyware!!??

By lee ·
Just recently many of my Win2003 domain XP SP2 clients started having problems access LAN/Internet Websites and network-related applications also were intermittently disconnecting!

The only evidence was an EventID 4226 Warning regarding TCP max connection limit reached.

From that I identified the cause to be approx. 10 persistent half-open (SYN-SENT) TCP connections from 'nsvsef.exe' to non-existent LAN IP destinations and sometimes Internet IP's.

NSVSEF.EXE Path:
C:\Program files\Symantec Antivirus\

I was able to locate and delete the following registry entries which were associated to the above filename:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices <MSsoft A-ware Clean>

HKCU\Software\ASProtect
HKU\.default\Software\ASProtect

Also, I rename the EXE at logon to BAK with a script.

NOTE: I am seeing these items get recreated automatically and I am not able to identify how as of yet.

HAS ANYONE SEEN THIS?
IS THIS IN FACT A MALICIOUS TROJAN?

(AS OF 7/8/07: IT IS NOT DOCUMENTED ON THE INTERNET)

This conversation is currently closed to new comments.

1 total post (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Back to Networks Forum
1 total post (Page 1 of 1)  

Related Discussions

Related Forums