PREVX - Potential Intrusion Attempt Prevented

Hi everyone,

When I rebooted my pc this morning, as I usually do when it seems to be slow
after a night of "snoozing" in "Switch User Mode", instead of "Log off" -
I saw a PREVX - Potential Intrusion Attempt Prevented - Alert.
(I run PREVX free version)

I copied & paste it here for you to see what it says:
____________________________________________


The application Generic Host Process for Win32 Services has caused a memory violation and has been stopped.

Core Memory (Stack)
A buffer overflow is caused when program code is trying to run in an area of memory reserved for data. This is a common method used by hackers for inserting malicous code. If you receive a buffer overflow, then your computer is being attacked.


Then I clicked on Event details:
____________________________

Prevx has prevented SVCHOST.EXE from causing a buffer overflow.

The following information has been obtained:
Process: SVCHOST.EXE
Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE
Pid: 932
Parentprocess: SERVICES.EXE
Parentpath: C:\WINDOWS\SYSTEM32\SERVICES.EXE
Pid: 684

EIP: 18020464
Return EIP: 0x5010B813->0x5010F99D->0x112F870->
Number of frames: 3
Frame Pointer: 0x112F718->0x112F7B8->0x142D3C->
Memory Type: 0
Mechanism Flags: 3
Mechanism Name: ~ALL~
EIP Data:

........ (followed by a bunch of numbers..... )

__________________________________________

Then I clicked on Get Advice:
__________________________

Are you installing or updating any software, including 'live' web updates?
Quite often, key files which are being monitored by Prevx Home get modified or overwritten. If you are certain that the Event relates to a genuine installation being carried out by you, then you could allow the action.

Are you changing any program configuration, settings or preferences?
The same advice as the previous point applies here. For example, changing the default home page for Internet Explorer (IE) will generate an Alert. The IE default home page setting is stored in the registry, so if it is not you making this change, then it is considered suspicious. In this case, you could deny the action.
How users have treated this event


Allowed: 508 Denied: 58781


The event was first seen on: Nov 6, 2004

The event was last seen on: May 6, 2005

_______________________________________

I would like to mention that in the last couple of days, the only thing I remember I did was UPDATED my long needed YAHOO! Messenger Security-Update,
WinXP Security Updates,
Spybot SD (still v. 1.3 ),
Win Patrol.

(I suspended PREVX protection while updating, to prevent the zillions of alerts ! - ahem. )

And I restarted windows in between, but no Alert by Prevx until NOW !
____________________________________________________________

Also: As of this morning...my sound scheme for OUTLOOK EXPRESS -
new mail alert has changed ! !!!
_______________________________

Everytime I think I've done my puter something good,
something mysterious is happening...

Can someone PLEASE explain in b-a-b-y-t-a-l-k http://img232.echo.cx/img232/1386/praying0tc.gif to me, what this could mean ?

Thanks so much in advance for advice - AND your patience and understanding (of my technically ignorance ) !

~Nat~

 

Hi again!

Just now I received a phone call (while online) on my
Internet Answering Machine.

I can't listen to the message because I get an alert saying:

" We're sorry, we can't find a sound device to play your file"

(Don't know if it has anything to do with PREVX being mysterious.... )

I'm totally confused......


I will try rebooting again...just to see if it changes anything.......

 

Hi Nat,

Have you tried posting your problem here on Prevx's forum?:

http://castlecops.com/c37-Prevx.html

I would also recommend that you provide information about whatever other real-time security product that you are running. There may be some contention somewhere.

Rich

 

Hi rich,

No, I haven't posted on castlecops (yet).


Also want to say that I forgot to mention that I also UPDATED
ZoneAlarm (free), yesterday !

And I just rebooted, and no alert from PREVX and my sound schemes are back to normal again !! Yaaay !

But still......weird.
____________________

OK. My real-time sec. programs are:

ZA (free)

Avast-AV (free)

Spybot - tea timer (I think )

Spyware Blaster

Spyware Guard

IE - Spyad (not udated)

Winpatrol (latest version)

I think that's it....


Does that help ?

 

Hi Nat,

I haven't seen any specific issues posted anywhere regarding a buffer overflow problem, svchost.exe and Prevx. I have seen some issues posted regarding Prevx and ZoneAlarm, though I think most of those issues revolved around Prevx Pro. The fact that you updated ZoneAlarm yesterday may have been a contributing factor - but I am simply guessing. Unless anyone has run across this specific issue, it is probably best for you to post it directly on Prevx's own forum and see if they have any response. Remember to give them all of the details that you posted here including your ZoneAlarm update. But if you think everything is O.K now, you may not want to pursue it.

Rich

 

Rich, I want to thank you !!

I'll do as you say, if I seem to have more issues with PREVX.

As of right now...everything is ok.

Will see.....



~Nat~

 

Hi Nat,

You are quiite welcome. I hope the problem is a temporary one caused by the ZoneAlarm update.

Cya,
Rich