Should tis concern me?

Discussion in 'ProcessGuard' started by Kegel, Jul 8, 2004.

Thread Status:
Not open for further replies.
  1. Kegel

    Kegel Registered Member

    Joined:
    Oct 28, 2003
    Posts:
    159
    8 Jul 20:48:12 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\windows\system32\smss.exe [396]
    8 Jul 20:48:12 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\windows\system32\smss.exe [396]
    8 Jul 20:48:12 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\windows\system32\csrss.exe [460]
    8 Jul 20:48:12 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\windows\system32\csrss.exe [460]
    8 Jul 20:48:12 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\windows\system32\winlogon.exe [484]
    8 Jul 20:48:12 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\windows\system32\winlogon.exe [484]
    8 Jul 20:48:12 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\windows\system32\services.exe [528]
    8 Jul 20:48:12 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\windows\system32\services.exe [528]
    8 Jul 20:48:12 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\windows\system32\lsass.exe [540]
    8 Jul 20:48:12 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\windows\system32\lsass.exe [540]
    8 Jul 20:48:14 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\windows\system32\svchost.exe [708]
    8 Jul 20:48:14 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\windows\system32\svchost.exe [708]
    8 Jul 20:48:14 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\windows\system32\svchost.exe [724]
    8 Jul 20:48:14 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\windows\system32\svchost.exe [724]
    8 Jul 20:48:14 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\windows\system32\svchost.exe [788]
    8 Jul 20:48:14 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\windows\system32\svchost.exe [788]
    8 Jul 20:48:14 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\windows\system32\svchost.exe [808]
    8 Jul 20:48:14 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\windows\system32\svchost.exe [808]
    8 Jul 20:48:14 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\processguard\dcsuserprot.exe [1028]
    8 Jul 20:48:14 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\processguard\dcsuserprot.exe [1028]
    8 Jul 20:48:14 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\windows\explorer.exe [1808]
    8 Jul 20:48:14 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\windows\explorer.exe [1808]
    8 Jul 20:48:16 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\mcafee.com\vso\mcvsescn.exe [1932]
    8 Jul 20:48:16 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\mcafee.com\vso\mcvsescn.exe [1932]
    8 Jul 20:48:16 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\nsclean\boclean\boclean.exe [2036]
    8 Jul 20:48:16 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\nsclean\boclean\boclean.exe [2036]
    8 Jul 20:48:16 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\lavasoft\ad-aware 6\ad-watch.exe [272]
    8 Jul 20:48:16 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\lavasoft\ad-aware 6\ad-watch.exe [272]
    8 Jul 20:48:16 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\nsclean\boclean\bocsec.exe [292]
    8 Jul 20:48:16 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\nsclean\boclean\bocsec.exe [292]
    8 Jul 20:48:16 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\processguard\procguard.exe [848]
    8 Jul 20:48:16 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\processguard\procguard.exe [848]
    8 Jul 20:48:16 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\mcafee.com\vso\mcvsshld.exe [276]
    8 Jul 20:48:16 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\mcafee.com\vso\mcvsshld.exe [276]
    8 Jul 20:48:16 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\mcafee.com\vso\mcvsrte.exe [452]
    8 Jul 20:48:16 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\mcafee.com\vso\mcvsrte.exe [452]
    8 Jul 20:48:16 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\mcafee.com\vso\mcshield.exe [948]
    8 Jul 20:48:16 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\mcafee.com\vso\mcshield.exe [948]
    8 Jul 20:48:16 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\internet explorer\iexplore.exe [1448]
    8 Jul 20:48:16 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\internet explorer\iexplore.exe [1448]
    8 Jul 20:48:16 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\mcafee.com\vso\mcmnhdlr.exe [1792]
    8 Jul 20:48:16 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\mcafee.com\vso\mcmnhdlr.exe [1792]
    8 Jul 20:48:17 - [EXECUTION] c:\program files\mcafee.com\vso\mcvsmap.exe with commandline "c:\program files\mcafee.com\vso\mcvsmap.exe" -embedding was ALLOWED to run
    8 Jul 20:48:22 - [EXECUTION] c:\program files\tds3\tds-3.exe with commandline "c:\program files\tds3\tds-3.exe" -scanf c:\program files\mcafee.com\shared\mghtml.exe was ALLOWED to run
    8 Jul 20:48:23 - [EXECUTION] c:\windows\msagent\agentsvr.exe with commandline c:\windows\msagent\agentsvr.exe -embedding was ALLOWED to run
    8 Jul 20:48:33 - [EXECUTION] c:\program files\tds3\dcsmutex.exe with commandline "c:\program files\tds3\dcsmutex.exe" diamond computer systems pty. ltd.
    was ALLOWED to run
    8 Jul 20:48:40 - [EXECUTION] c:\program files\tds3\ext.sys\tdscrc32.exe with commandline "c:\program files\tds3\ext.sys\tdscrc32.exe" www.diamondcs.com.au was ALLOWED to run


    Seemed to occure right after the virus scan updated itself.

    mghtml.exe tests out ok with TDS-3 and McAffee. If you do a search on google for this file though, many links for trojans come up.
     
    Kegel, Jul 8, 2004
    #1
  2. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Hello, Kegel,

    I'm relatively new to PG, but what your seeing is nothing to worry about in my opinion. It appears you have quite a few items on your protected list, and "c:\program files\mcafee.com\shared\mghtml.exe " is trying to gain access to these processes. I assume (and appears that) mghtml.exe is a process within your McAffee virus scan application. If so, I would simply give add this app to your protected list and give it "WRITE,TERMINATE,SET INFO " allow rights, and you should see these messages disappear.

    The lines starting wiht [Execution] are just programs starting that you have previously allowed.

    hopefully someone from DCS can conform what I'm saying. Good luck!
     
    Dazed_and_Confused, Jul 8, 2004
    #2
  3. mAcOdIn

    mAcOdIn Registered Member

    Joined:
    Jan 19, 2003
    Posts:
    4
    Although mghtml does share a common name with a trojan, even on nai's own website, it is a valid McAfee process, so you have nothing to worry about.
     
    mAcOdIn, Jul 9, 2004
    #3
  4. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Kegel D&C is correct :) Add the file mghtml.exe (providing it is a trusted program) to your protected list and give it the allow flags necessary to stop the logging.

    HTH Pilli
     
    Pilli, Jul 9, 2004
    #4
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...