Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!
Virus?
I've cleaned this computer with Trend OfficeScan, but the security log continues to fill up within a few days. The most common log looks like:
Object Open:
Object Server: Security
Object Type: File
Object Name: C:\WINDOWS\Tasks\User_Feed
Handle ID: 3096
Operation ID: {0,29132298}
Process ID: 836
Image File Name: C:\WINDOWS\system32\svchos
Primary User Name: *computername*$
Primary Domain: *domain*
Primary Logon ID: (0x0,0x3E7)
Client User Name: -
Client Domain: -
Client Logon ID: -
Accesses: READ_CONTROL
SYNCHRONIZE
WriteData (or AddFile)
AppendData (or AddSubdirectory or CreatePipeInstance)
WriteEA
ReadAttributes
WriteAttributes
Privileges: -
Restricted Sid Count: 0
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Is there a virus remaining?
Object Open:
Object Server: Security
Object Type: File
Object Name: C:\WINDOWS\Tasks\User_Feed
Handle ID: 3096
Operation ID: {0,29132298}
Process ID: 836
Image File Name: C:\WINDOWS\system32\svchos
Primary User Name: *computername*$
Primary Domain: *domain*
Primary Logon ID: (0x0,0x3E7)
Client User Name: -
Client Domain: -
Client Logon ID: -
Accesses: READ_CONTROL
SYNCHRONIZE
WriteData (or AddFile)
AppendData (or AddSubdirectory or CreatePipeInstance)
WriteEA
ReadAttributes
WriteAttributes
Privileges: -
Restricted Sid Count: 0
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Is there a virus remaining?
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
I'm a MS Certified Engineer
Look, I wouldn't recommend personally a software like that, something like BitDefender or Norton Internet Security is much faster and better.
By the way your logs looks like there is a loop svchost activity on a scheduled job, something normally unexpected, but it's being referred to user feed sync what means that there is something using the process to sync files or information.
Be aware of filtering you connection with a good firewall such as Microsoft Products or Norton Internet Security 2009.
Warm regards,
Look, I wouldn't recommend personally a software like that, something like BitDefender or Norton Internet Security is much faster and better.
By the way your logs looks like there is a loop svchost activity on a scheduled job, something normally unexpected, but it's being referred to user feed sync what means that there is something using the process to sync files or information.
Be aware of filtering you connection with a good firewall such as Microsoft Products or Norton Internet Security 2009.
Warm regards,
Thank for the advice, but the anti-virus product isn't my call.
How should I identify the offending job?
This computer is behind a firewall appliance.
Thanks again for the help.
How should I identify the offending job?
This computer is behind a firewall appliance.
Thanks again for the help.
No worries,
Well you should check you schedule manager to verify if you have any-kind of job that could run permanently, according to the times that you see in the log. That way you can identify the process.
If not, the best way would be to talk with you IT department and analyze the job cron, either way, just remove it.
Warm Regards.
Well you should check you schedule manager to verify if you have any-kind of job that could run permanently, according to the times that you see in the log. That way you can identify the process.
If not, the best way would be to talk with you IT department and analyze the job cron, either way, just remove it.
Warm Regards.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial