Application Event Log ERROR: AV Engine failed to scan

Guest

I have been getting a number of MSMPSVC Event ID:3 errors in the Application
Event Log. Some of them appear when Windows Defender is running, and the rest
occur when the AVG (Anti Virus by Grisoft) is running. I assume MSMPSVC is
the "real-time" service of the Windows Defender suite of programs. Note that
besides the information here, the "Bytes" section of the event log includes
the words "unpack:(Armadillo)"

Questions:
1. Why is this happening?
2. Is this something I should be concerned about?
3. How do I make it go away?

Thanks. Bob T.

Event Type: Error
Event Source: MSMPSVC
Event Category: None
Event ID: 3
Date: 3/29/2006
Time: 12:30:43 PM
User: NT AUTHORITY\SYSTEM
Computer: RTANENBAUM
Description:
AV Engine failed to scan \Device\HarddiskVolume2\Program Files\IPCheck
Server Monitor 5\IPCheckServer.exe file accessed thru C:\Program
Files\Windows Defender\MsMpEng.exe (Session 0x0).

Event Type: Error
Event Source: MSMPSVC
Event Category: None
Event ID: 3
Date: 3/29/2006
Time: 8:33:23 AM
User: NT AUTHORITY\SYSTEM
Computer: RTANENBAUM
Description:
AV Engine failed to scan \Device\HarddiskVolume2\System Volume
Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP470\A0031842.exe
file accessed thru C:\PROGRA~1\Grisoft\AVG7\avgw.exe (Session 0x0).

Event Type: Error
Event Source: MSMPSVC
Event Category: None
Event ID: 3
Date: 3/29/2006
Time: 8:33:21 AM
User: NT AUTHORITY\SYSTEM
Computer: RTANENBAUM
Description:
AV Engine failed to scan \Device\HarddiskVolume2\System Volume
Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP470\A0031838.exe
file accessed thru C:\PROGRA~1\Grisoft\AVG7\avgw.exe (Session 0x0).

Event Type: Error
Event Source: MSMPSVC
Event Category: None
Event ID: 3
Date: 3/29/2006
Time: 8:16:28 AM
User: NT AUTHORITY\SYSTEM
Computer: RTANENBAUM
Description:
AV Engine failed to scan \Device\HarddiskVolume2\Program Files\IPCheck
Server Monitor 5\IPCheckWelcome.exe file accessed thru
C:\PROGRA~1\Grisoft\AVG7\avgw.exe (Session 0x0).

Event Type: Error
Event Source: MSMPSVC
Event Category: None
Event ID: 3
Date: 3/29/2006
Time: 8:16:28 AM
User: NT AUTHORITY\SYSTEM
Computer: RTANENBAUM
Description:
AV Engine failed to scan \Device\HarddiskVolume2\Program Files\IPCheck
Server Monitor 5\IPCheckServer.exe file accessed thru
C:\PROGRA~1\Grisoft\AVG7\avgw.exe (Session 0x0).
 
It seems you are running Windows Live One Care as well as Windows Defender.

MSMPSVC is not a component of Windows Defender. It is a component of One
Care.

The message is coming from the One Care realtime protection component and is
logged because the antivirus engine is not able to unpack a specific type of
encrypted executable (in this case, a file encrypted with the Armadillo
packer.)

This is not necessarily something you need to be worried about. The reason
we log the error is that failure to unpack something often indicates the
presence of a new malware variant, since many types of malware are
constantly making use of modified executable packers to try and circumvent
antivirus detection.

We would be interested in analyzing the two files from your machine:

Program Files\IPCheck Server Monitor 5\IPCheckServer.exe
Program Files\IPCheck Server Monitor 5\IPCheckWelcome.exe


If you could submit those files by placing them in a ZIP file and sending it
to (e-mail address removed), that would be helpful.

Please password-protect the ZIP file with a password of "infected" before
sending, if possible.

Thanks

-Mike
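
A triage helper for the events quoted in this thread, added here as an example and not part of either post: it parses the Event ID 3 description text into the scanned file and the accessing process, then separates installed program files from System Restore copies. The function names and the regular expression are assumptions based only on the five descriptions shown above.

```python
import re
from collections import defaultdict

# Description text of the five events quoted in the thread, unwrapped to one line each.
SAMPLE_EVENTS = [
    r"AV Engine failed to scan \Device\HarddiskVolume2\Program Files\IPCheck Server Monitor 5\IPCheckServer.exe file accessed thru C:\Program Files\Windows Defender\MsMpEng.exe (Session 0x0).",
    r"AV Engine failed to scan \Device\HarddiskVolume2\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP470\A0031842.exe file accessed thru C:\PROGRA~1\Grisoft\AVG7\avgw.exe (Session 0x0).",
    r"AV Engine failed to scan \Device\HarddiskVolume2\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP470\A0031838.exe file accessed thru C:\PROGRA~1\Grisoft\AVG7\avgw.exe (Session 0x0).",
    r"AV Engine failed to scan \Device\HarddiskVolume2\Program Files\IPCheck Server Monitor 5\IPCheckWelcome.exe file accessed thru C:\PROGRA~1\Grisoft\AVG7\avgw.exe (Session 0x0).",
    r"AV Engine failed to scan \Device\HarddiskVolume2\Program Files\IPCheck Server Monitor 5\IPCheckServer.exe file accessed thru C:\PROGRA~1\Grisoft\AVG7\avgw.exe (Session 0x0).",
]

# Layout assumed from the samples: "<target> file accessed thru <process> (Session 0x..)."
EVENT_RE = re.compile(
    r"AV Engine failed to scan (?P<target>.+?) file accessed thru "
    r"(?P<accessor>.+?) \(Session (?P<session>0x[0-9A-Fa-f]+)\)\.?$"
)

def parse_event(description):
    """Return target/accessor/session for one description, or None if it does not match."""
    text = " ".join(description.split())  # undo line wrapping from copy and paste
    match = EVENT_RE.match(text)
    return match.groupdict() if match else None

def summarize(descriptions):
    """Map each file the engine could not scan to the set of processes that opened it."""
    by_file = defaultdict(set)
    for description in descriptions:
        event = parse_event(description)
        if event:
            accessor = event["accessor"].rsplit("\\", 1)[-1].lower()
            by_file[event["target"]].add(accessor)
    return dict(by_file)

def is_restore_copy(path):
    """True for System Restore snapshots, which are copies rather than installed files."""
    return "\\system volume information\\_restore" in path.lower()

def files_to_review(descriptions):
    """Unique installed files behind the errors: the candidates for a sample submission."""
    return sorted(p for p in summarize(descriptions) if not is_restore_copy(p))

if __name__ == "__main__":
    for path in files_to_review(SAMPLE_EVENTS):
        print(path, sorted(summarize(SAMPLE_EVENTS)[path]))
```

Run over the five quoted events, it reduces them to the two IPCheck executables requested in the reply and shows that IPCheckServer.exe failed to scan whether it was opened by MsMpEng.exe or by avgw.exe.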
 