PREVX - Potential Intrusion Attempt Prevented

Discussion in 'other anti-trojan software' started by ~*Nat*~, May 7, 2005.

Thread Status:
Not open for further replies.
  1. ~*Nat*~

    ~*Nat*~ Registered Member

    Joined:
    Jul 9, 2004
    Posts:
    8,129
    Location:
    Germany/Ohio-USA ~ between two worlds
    Hi everyone,

    When I rebooted my pc this morning, as I usually do when it seems to be slow
    after a night of "snoozing" in "Switch User Mode", instead of "Log off" -
    I saw a PREVX - Potential Intrusion Attempt Prevented - Alert.
    (I run PREVX free version)

    I copied & pasted it here for you to see what it says:
    ____________________________________________


    The application Generic Host Process for Win32 Services has caused a memory violation and has been stopped.

    Core Memory (Stack)
    A buffer overflow is caused when program code is trying to run in an area of memory reserved for data. This is a common method used by hackers for inserting malicous code. If you receive a buffer overflow, then your computer is being attacked.


    Then I clicked on Event details:
    ____________________________

    Prevx has prevented SVCHOST.EXE from causing a buffer overflow.

    The following information has been obtained:
    Process: SVCHOST.EXE
    Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE
    Pid: 932
    Parentprocess: SERVICES.EXE
    Parentpath: C:\WINDOWS\SYSTEM32\SERVICES.EXE
    Pid: 684

    EIP: 18020464
    Return EIP: 0x5010B813->0x5010F99D->0x112F870->
    Number of frames: 3
    Frame Pointer: 0x112F718->0x112F7B8->0x142D3C->
    Memory Type: 0
    Mechanism Flags: 3
    Mechanism Name: ~ALL~
    EIP Data:

    ........ (followed by a bunch of numbers.....o_O )

    __________________________________________

    Then I clicked on Get Advice:
    __________________________

    Are you installing or updating any software, including 'live' web updates?
    Quite often, key files which are being monitored by Prevx Home get modified or overwritten. If you are certain that the Event relates to a genuine installation being carried out by you, then you could allow the action.

    Are you changing any program configuration, settings or preferences?
    The same advice as the previous point applies here. For example, changing the default home page for Internet Explorer (IE) will generate an Alert. The IE default home page setting is stored in the registry, so if it is not you making this change, then it is considered suspicious. In this case, you could deny the action.
    How users have treated this event


    Allowed: 508 Denied: 58781


    The event was first seen on: Nov 6, 2004

    The event was last seen on: May 6, 2005

    _______________________________________

    I would like to mention that in the last couple of days, the only thing I remember I did was UPDATED my long needed YAHOO! Messenger Security-Update,
    WinXP Security Updates,
    Spybot SD (still v. 1.3 ),
    Win Patrol.

    (I suspended PREVX protection while updating, to prevent the zillions of alerts ! - ahem. )

    And I restarted windows in between, but no Alert by Prevx until NOW !
    ____________________________________________________________

    Also: As of this morning...my sound scheme for OUTLOOK EXPRESS -
    new mail alert has changed ! o_O o_O !!!
    _______________________________

    Every time I think I've done my puter something good,
    something mysterious is happening...:doubt:

    Can someone PLEASE explain in b-a-b-y-t-a-l-k to me, what this could mean ?

    Thanks so much in advance for advice - AND your patience and understanding (of my technical ignorance ) !

    ~Nat~ :)
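
The event details quoted in the post above can be turned into a structured record and checked for basic process lineage. This is an added example, not Prevx code and not from any poster in the thread; `parse_event`, `triage` and the expected paths (taken from the alert, assuming the system root is C:\WINDOWS) are hypothetical names and assumptions.

```python
# Subset of the event details quoted in the post; the "EIP Data" dump is elided there.
EVENT = r"""Process: SVCHOST.EXE
Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE
Pid: 932
Parentprocess: SERVICES.EXE
Parentpath: C:\WINDOWS\SYSTEM32\SERVICES.EXE
Pid: 684
EIP: 18020464
Return EIP: 0x5010B813->0x5010F99D->0x112F870->
Number of frames: 3
Frame Pointer: 0x112F718->0x112F7B8->0x142D3C->
"""

# Assumption: system root is C:\WINDOWS, as shown in the alert.
EXPECTED_IMAGE = r"C:\WINDOWS\SYSTEM32\SVCHOST.EXE"
EXPECTED_PARENT = r"C:\WINDOWS\SYSTEM32\SERVICES.EXE"

def parse_event(text):
    """Parse 'Key: value' lines into a dict with normalised keys."""
    rec = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")  # first ':' only, so paths survive
        if not sep:
            continue
        key, value = key.strip().lower().replace(" ", "_"), value.strip()
        if key == "pid":
            # The alert prints 'Pid' twice; the second one belongs to the parent.
            key = "parent_pid" if "pid" in rec else "pid"
        if "->" in value:
            # Address chain with a trailing '->'; drop the empty last element.
            value = [int(a, 16) for a in value.split("->") if a]
        elif key in ("pid", "parent_pid", "number_of_frames"):
            value = int(value)
        # 'EIP' has no 0x prefix, so its base is ambiguous: keep it as a string.
        rec[key] = value
    return rec

def triage(rec):
    """Return findings; an empty list rules out a look-alike binary only,
    not a false positive or an exploited service hosted by svchost."""
    findings = []
    if rec.get("path", "").upper() != EXPECTED_IMAGE:
        findings.append("image path is not System32 svchost.exe")
    if rec.get("parentpath", "").upper() != EXPECTED_PARENT:
        findings.append("parent is not System32 services.exe")
    if len(rec.get("return_eip", [])) != rec.get("number_of_frames"):
        findings.append("return chain length differs from frame count")
    return findings
```
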
     
  2. ~*Nat*~

    ~*Nat*~ Registered Member

    Joined:
    Jul 9, 2004
    Posts:
    8,129
    Location:
    Germany/Ohio-USA ~ between two worlds
    Hi again!

    Just now I received a phone call (while online) on my
    Internet Answering Machine.

    I can't listen to the message because I get an alert saying:

    " We're sorry, we can't find a sound device to play your file"

    (Don't know if it has anything to do with PREVX being mysterious....o_O )

    I'm totally confused......


    I will try rebooting again...just to see if it changes anything.......
     
  3. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Nat,

    Have you tried posting your problem here on Prevx's forum?:

    http://castlecops.com/c37-Prevx.html

    I would also recommend that you provide information about whatever other real-time security product that you are running. There may be some contention somewhere.

    Rich
     
  4. ~*Nat*~

    ~*Nat*~ Registered Member

    Joined:
    Jul 9, 2004
    Posts:
    8,129
    Location:
    Germany/Ohio-USA ~ between two worlds
    Hi rich, :)

    No, I haven't posted on castlecops (yet).


    Also want to say that I forgot to mention that I also UPDATED
    ZoneAlarm (free), yesterday !

    And I just rebooted, and no alert from PREVX and my sound schemes are back to normal again !! Yaaay !

    But still......weird.
    ____________________

    OK. My real-time sec. programs are:

    ZA (free)

    Avast-AV (free)

    Spybot - tea timer (I think :oops: )

    Spyware Blaster

    Spyware Guard

    IE - Spyad (not updated)

    Winpatrol (latest version)

    I think that's it....


    Does that help ? :)
     
  5. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Nat,

    I haven't seen any specific issues posted anywhere regarding a buffer overflow problem, svchost.exe and Prevx. I have seen some issues posted regarding Prevx and ZoneAlarm, though I think most of those issues revolved around Prevx Pro. The fact that you updated ZoneAlarm yesterday may have been a contributing factor - but I am simply guessing. Unless anyone has run across this specific issue, it is probably best for you to post it directly on Prevx's own forum and see if they have any response. Remember to give them all of the details that you posted here including your ZoneAlarm update. But if you think everything is O.K now, you may not want to pursue it.

    Rich
     
  6. ~*Nat*~

    ~*Nat*~ Registered Member

    Joined:
    Jul 9, 2004
    Posts:
    8,129
    Location:
    Germany/Ohio-USA ~ between two worlds
    Rich, I want to thank you !!

    I'll do as you say, if I seem to have more issues with PREVX.

    As of right now...everything is ok.

    Will see..... ;)



    ~Nat~
     
  7. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Nat,

    You are quite welcome. I hope the problem is a temporary one caused by the ZoneAlarm update.

    Cya,
    Rich
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    Hi Guys

    Although I've changed firewalls for different reasons, I was running ZA Pro latest version, and I did go thru the update with Zone Alarm with not a peep out of Prevx.


    Pete
     