C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Current\EPOAGENT3000META\AgtMetaDet.McS
You might have a conficker.worm virus,
1) I would suggest that you apply MS08-067 which is the Microsoft fix for Conficker.
2) With most recent DAT files, run a SCHEDULED On Demand Scan > Reboot > SCHEDULED On Demand Scan
The reason for it being scheduled is because Conficker requires elevated privileges to be removed. A scheduled On Demand Scan uses the "System" account whereas running the scan by right click system tray > On Demand Scan uses the locally logged on user account.
Even if the logged on user is Domain Admin, Conficker can lock out Domain Admin accounts.
McAfee posted a knowledge base article on conficker:
Hope this helps.
How do I use the On Demand Scan with the System account? Where can I set it?
Once you install the patch, log on as the local admin account and run a full scan on the virus scan console. (disconnect from LAN)
On-demand scan is nothing but Full scan.
Use the following link to get a description of svchost.exe
Then try the following:
1. Open Registry Editor
2. Navigate to the following link
Here you find different keys like netsvcs, network service, local service etc.
Each key is actually a collection of services that it can host on the system.
Find the key which contains abnormal data, for example
(in my case)
netsvcs contains "6to8"; we know that there is no service in the system named 6to8
so deleted that entry (not all data on that single line that you found abnormal) because it creates an exception for svchost.exe, and try to close all the services depending upon it
Please take a look at the following link which has very useful information about how to eliminate and also how to prevent new infections of W32/Conficker. There is also a tool with which you can scan your network in order to find potential machines which have Conficker in memory.
Hope this helps.