I recently started work at a new place, and at my workplace there is an automatic software update installer which has been bugging me to install updates. When I try to install the updates, the updates fail, and immediately afterwards there is a HIPS alert. In the activity log I see this:
Event: McAfee Host Intrusion Prevention
IP Address / User: NT Authority \ Local System
Application: Generic Host Process for Win32 Services (svchost.exe)
Message: Attack type: W32/Yunsip Infection
Can anyone help me interpret this? Does this mean there is a Yunsip infection on my system, or is something from the company intranet or elsewhere trying to attack it?
W32/Yunsip Infection is Host IPS Signature 2787, which prevents creation of a couple of DLL files (see the Signature event details for filenames). These filenames are associated with this Yunsip infection, so I would obtain copies of these files to be analyzed by McAfee Labs.
KB68030 - How to Submit Virus Samples to McAfee Labs