Should tis concern me?

Discussion in 'ProcessGuard' started by Kegel, Jul 8, 2004.

Thread Status:
Not open for further replies.
  1. Kegel

    Kegel Registered Member

    Joined:
    Oct 28, 2003
    Posts:
    159
    8 Jul 20:48:12 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\windows\system32\smss.exe [396]
    8 Jul 20:48:12 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\windows\system32\smss.exe [396]
    8 Jul 20:48:12 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\windows\system32\csrss.exe [460]
    8 Jul 20:48:12 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\windows\system32\csrss.exe [460]
    8 Jul 20:48:12 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\windows\system32\winlogon.exe [484]
    8 Jul 20:48:12 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\windows\system32\winlogon.exe [484]
    8 Jul 20:48:12 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\windows\system32\services.exe [528]
    8 Jul 20:48:12 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\windows\system32\services.exe [528]
    8 Jul 20:48:12 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\windows\system32\lsass.exe [540]
    8 Jul 20:48:12 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\windows\system32\lsass.exe [540]
    8 Jul 20:48:14 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\windows\system32\svchost.exe [708]
    8 Jul 20:48:14 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\windows\system32\svchost.exe [708]
    8 Jul 20:48:14 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\windows\system32\svchost.exe [724]
    8 Jul 20:48:14 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\windows\system32\svchost.exe [724]
    8 Jul 20:48:14 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\windows\system32\svchost.exe [788]
    8 Jul 20:48:14 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\windows\system32\svchost.exe [788]
    8 Jul 20:48:14 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\windows\system32\svchost.exe [808]
    8 Jul 20:48:14 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\windows\system32\svchost.exe [808]
    8 Jul 20:48:14 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\processguard\dcsuserprot.exe [1028]
    8 Jul 20:48:14 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\processguard\dcsuserprot.exe [1028]
    8 Jul 20:48:14 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\windows\explorer.exe [1808]
    8 Jul 20:48:14 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\windows\explorer.exe [1808]
    8 Jul 20:48:16 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\mcafee.com\vso\mcvsescn.exe [1932]
    8 Jul 20:48:16 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\mcafee.com\vso\mcvsescn.exe [1932]
    8 Jul 20:48:16 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\nsclean\boclean\boclean.exe [2036]
    8 Jul 20:48:16 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\nsclean\boclean\boclean.exe [2036]
    8 Jul 20:48:16 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\lavasoft\ad-aware 6\ad-watch.exe [272]
    8 Jul 20:48:16 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\lavasoft\ad-aware 6\ad-watch.exe [272]
    8 Jul 20:48:16 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\nsclean\boclean\bocsec.exe [292]
    8 Jul 20:48:16 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\nsclean\boclean\bocsec.exe [292]
    8 Jul 20:48:16 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\processguard\procguard.exe [848]
    8 Jul 20:48:16 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\processguard\procguard.exe [848]
    8 Jul 20:48:16 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\mcafee.com\vso\mcvsshld.exe [276]
    8 Jul 20:48:16 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\mcafee.com\vso\mcvsshld.exe [276]
    8 Jul 20:48:16 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\mcafee.com\vso\mcvsrte.exe [452]
    8 Jul 20:48:16 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\mcafee.com\vso\mcvsrte.exe [452]
    8 Jul 20:48:16 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\mcafee.com\vso\mcshield.exe [948]
    8 Jul 20:48:16 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\mcafee.com\vso\mcshield.exe [948]
    8 Jul 20:48:16 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\internet explorer\iexplore.exe [1448]
    8 Jul 20:48:16 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\internet explorer\iexplore.exe [1448]
    8 Jul 20:48:16 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\mcafee.com\vso\mcmnhdlr.exe [1792]
    8 Jul 20:48:16 - [P] c:\program files\mcafee.com\shared\mghtml.exe [508] tried to gain WRITE,TERMINATE,SET INFO access on c:\program files\mcafee.com\vso\mcmnhdlr.exe [1792]
    8 Jul 20:48:17 - [EXECUTION] c:\program files\mcafee.com\vso\mcvsmap.exe with commandline "c:\program files\mcafee.com\vso\mcvsmap.exe" -embedding was ALLOWED to run
    8 Jul 20:48:22 - [EXECUTION] c:\program files\tds3\tds-3.exe with commandline "c:\program files\tds3\tds-3.exe" -scanf c:\program files\mcafee.com\shared\mghtml.exe was ALLOWED to run
    8 Jul 20:48:23 - [EXECUTION] c:\windows\msagent\agentsvr.exe with commandline c:\windows\msagent\agentsvr.exe -embedding was ALLOWED to run
    8 Jul 20:48:33 - [EXECUTION] c:\program files\tds3\dcsmutex.exe with commandline "c:\program files\tds3\dcsmutex.exe" diamond computer systems pty. ltd.
    was ALLOWED to run
    8 Jul 20:48:40 - [EXECUTION] c:\program files\tds3\ext.sys\tdscrc32.exe with commandline "c:\program files\tds3\ext.sys\tdscrc32.exe" www.diamondcs.com.au was ALLOWED to run


    Seemed to occure right after the virus scan updated itself.

    mghtml.exe tests out ok with TDS-3 and McAffee. If you do a search on google for this file though, many links for trojans come up.
     
  2. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Hello, Kegel,

    I'm relatively new to PG, but what your seeing is nothing to worry about in my opinion. It appears you have quite a few items on your protected list, and "c:\program files\mcafee.com\shared\mghtml.exe " is trying to gain access to these processes. I assume (and appears that) mghtml.exe is a process within your McAffee virus scan application. If so, I would simply give add this app to your protected list and give it "WRITE,TERMINATE,SET INFO " allow rights, and you should see these messages disappear.

    The lines starting wiht [Execution] are just programs starting that you have previously allowed.

    hopefully someone from DCS can conform what I'm saying. Good luck!
     
  3. mAcOdIn

    mAcOdIn Registered Member

    Joined:
    Jan 19, 2003
    Posts:
    4
    Although mghtml does share a common name with a trojan, even on nai's own website, it is a valid McAfee process, so you have nothing to worry about.
     
  4. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Kegel D&C is correct :) Add the file mghtml.exe (providing it is a trusted program) to your protected list and give it the allow flags necessary to stop the logging.

    HTH Pilli
     
Thread Status:
Not open for further replies.