
Termsrv.dll (Trojan.Patched) pop up message



Since I purchased MBAM, I sometimes get a pop-up message when I start the computer that says MBAM detected a malicious process (windows\system32\termsrv.dll) and has blocked the execution attempt. A screenshot of the message is copied below. Does anyone know if this is a real problem or a false alert? I tried pressing the Quarantine button sometimes, and the Ignore button other times, but the same message appears about six times out of ten when I boot the computer. If this is a false positive, is there a way to tell MBAM to ignore it every time so I do not need to click the button? Thanks!

post-55830-1287523448_thumb.jpg


Hello and :)

Have you tried submitting the file to VirusTotal to check it?

Please provide the following details, so that someone may be able to assist you:

  1. OS version including 32/64-bit
  2. Installed Security Product(s) including Firewall
  3. MBAM version (current 1.46)
  4. Definition version (current 4885)
  5. Do you use a router to connect to the Internet?


Thanks for the quick reply. When I first encountered this message (months ago), I searched the web for information. My understanding is that there was a virus problem with that file at one time, but it had been corrected (hence the "Trojan.Patched" designation). I just now sent the file to Virus Total (screenshot below). I think they are saying there have been many inquiries about the file, but no reports of any problems. Here are the answers to your questions:

1. XP Pro x64

2. AVG 2011 and Outpost Firewall 2009

3. MBAM version 1.46

4. Definition version 4844 (from 10/15/2010). Any later update to the Rules.ref file crashes MBAM with a database error. There is more about that in the other two threads I started.

5. Yes, I use a router which is hardwired to my computer.

post-55830-1287525593_thumb.jpg


Hi again -

Please try this item to ensure it has not "stuck" in your router -

You may want to print or write these directions as you will disconnect from the internet for a while -

1. Very important: First disconnect your computer from the internet. (Log Off)

2. Router Reset: Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).

3. Reset the IP/DNS settings of your internet connection:

  • Go to Start -> Control Panel -> Double click on Network Connections.
  • Right click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.
  • Select the General tab.
  • Double click on Internet Protocol (TCP/IP).
    Under General tab:
  • Select "Obtain an IP address automatically".
  • Select "Obtain DNS server address automatically".
  • Click OK twice to save the settings.
  • Reboot if you had to change any setting.

4. Flush the DNS cache:

  • Click the Start logo in the bottom left corner of the screen
  • Click on Run or press Windows Logo+R
  • In the command window copy/paste the following:
    ipconfig /flushdns


  • Then hit enter.
  • Exit the command window.

5. Reconnect: Once you have followed all the above steps you can reconnect your computer to the internet


Hello Jim-1:

You have two simultaneous threads going on. In this thread, which you initiated yesterday, you mentioned MBAM crashing, and in this one (started today) there is no mention of MBAM crashes, if that problem is resolved; otherwise kindly read this response.

As for this recurring problem you mentioned (termsrv.dll), please delete any scheduled task that you may have. Should you have any other question(s), please post back using MXyBj.png button

*** There is a known issue with AVG2011 that is being worked on


Hello Jim-1:

You have two simultaneous threads going on. In this thread, which you initiated yesterday, you mentioned MBAM crashing, and in this one (started today) there is no mention of MBAM crashes, if that problem is resolved; otherwise kindly read this response.

MBAM works well, but only so long as I do not update rules.ref to a later version than 10/15/2010. Since the MBAM program works well with the rules.ref dated 10/15/2010, I continue to think there is a problem with the subsequent updates to rules.ref. Something clearly changed after the 10/15/2010 rules.ref which my computer works well with, to the 10/16/2010 and more recent rules.ref which crashes MBAM with a database error on my computer. I will consider this problem resolved when MBAM will continue to operate on my computer with a rules.ref that is more recent than 10/15/2010.

As for this recurring problem you mentioned (termsrv.dll), please delete any scheduled task that you may have. Should you have any other question(s), please post back using MXyBj.png button

Thanks for the suggestion, but I have no tasks scheduled that I am aware of. I actually do not know how to schedule a task, and I do not think I have scheduled one inadvertently, but I could be wrong about that. It is interesting that MBAM alerts on termsrv.dll only approximately half the time, and seemingly at random. I do not know what that implies about either the file or MBAM. Windows Explorer reports that termsrv.dll was last modified on 2/16/2007. Since the file is not changing, MBAM could be inconsistent in flagging that file only sometimes.

*** There is a known issue with AVG2011 that is being worked on

I started using AVG 2011 on 10/06/2010. FYI, it worked great with MBAM with no special exclusions in exactly the same way that AVG 9 worked well with no special exclusions. Whatever issue has been identified with AVG 2011, I have seen no effects from it on my computer. Since MBAM continues to work well on my computer - so long as I do not update rules.ref to more recent than 10/15/2010 - I find it difficult to blame AVG for the MBAM database error with more recent versions of rules.ref.

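A last-modified date can be set back to any value, so comparing a content hash against a recorded baseline is the stronger test of whether a file such as termsrv.dll has changed between boots. The following Python is an added example, not part of the original thread; the `sha256_of`, `check` and `demo` names, the baseline file and the sample bytes are constructed for illustration.

```python
import hashlib
import json
import os
import tempfile

def sha256_of(path, chunk=65536):
    """Hash file contents in chunks so large files need little memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check(path, baseline_file):
    """Return (status, same_mtime); status is 'baseline-recorded', 'unchanged' or 'content-changed'."""
    now = {"sha256": sha256_of(path), "mtime_ns": os.stat(path).st_mtime_ns}
    try:
        with open(baseline_file) as f:
            store = json.load(f)
    except FileNotFoundError:
        store = {}
    if path not in store:
        # First run: record the baseline instead of comparing.
        store[path] = now
        with open(baseline_file, "w") as f:
            json.dump(store, f, indent=2)
        return "baseline-recorded", True
    base = store[path]
    status = "unchanged" if base["sha256"] == now["sha256"] else "content-changed"
    return status, base["mtime_ns"] == now["mtime_ns"]

def demo():
    """Constructed stand-in file: one byte changes, size and mtime do not."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "sample.dll")  # placeholder, not a real DLL
        baseline = os.path.join(d, "baseline.json")
        with open(target, "wb") as f:
            f.write(b"MZ" + b"\x00" * 62)
        stamp = 1171584000 * 10**9  # 2007-02-16 00:00 UTC, in nanoseconds
        os.utime(target, ns=(stamp, stamp))
        first, _ = check(target, baseline)
        with open(target, "r+b") as f:  # overwrite one byte in place
            f.seek(10)
            f.write(b"\x90")
        os.utime(target, ns=(stamp, stamp))  # put the old timestamp back
        second, same_mtime = check(target, baseline)
        return first, second, same_mtime

if __name__ == "__main__":
    print(demo())
```

Running `check()` against the flagged file at each boot separates "the file changed" from "the scanner's verdict changed", and the SHA-256 value can be used to look up a previously submitted file on VirusTotal.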

Hi Jim-1 :)

Just for a personal preference, I would consider dropping Outpost Free. It has not had an update since May of 09. Outpost seems to be way behind others like Online Armor, Zone Alarm, Comodo, Privacyware, etc., which have all had at least one update (2-3 for some). Without steady development, bugs are more common than with other products, and protection goes down when hackers figure out how to bypass the features.


Thanks! Good information to know about. Outpost was the only free software firewall I could find that would support XP Pro x64. I will look more at other possibilities to see if I can find another to consider. Meanwhile, the software firewall is not critical on my computer. Most of my Internet work is protected by a hardware router, and I usually only surf to the same old financial sites that offer a very low risk profile. :-)


You're very welcome. :)

Edit: Only Comodo Firewall seems to support XP 64-bit. Personally, I recommend Windows Firewall or keeping Outpost. Comodo has been thought to be linked to the malware industry and it is best to stay away regardless of whether that is true or not.
