Can u pl guide me for remove a malware ...

i got a alert from Mcafee that is "W32/Conflicker.warm.gen.a"..i had updated Mcafee..then the problem was solved..But now i got a message from Mcafee that is "

Detected As:BO:Writable BO:Stack...State:Blocked by Buffer Overflow Protection

"..i scaned my PC with Safe mode.but can't fix it. Pl help me anybody.

you most likely have some malware causing this issue.. but I cannot ell what it is from your post. Why not run a hijackthis log and post it as a next step?

you most likely have some malware causing this issue.. but I cannot ell what it is from your post. Why not run a hijackthis log and post it as a next step?

Here is my log file from Mcafee
Thanks for ur reply.I had to temporarily disable System Restore on the system when during the time of Threat cleaned. i have updated all security updates from microsoft upto June 2009.and also use Malcious Removable tool.but same problem is occurred.first time when i scanned with Mcafee ENT 8.5 Dat 5654,some file cleaned and also deleted..here is no problem..but now i am getting this alert..we have 25 Pc in my network...all pc have same problem..what should i do.?only way to format then reinstall the OS on the all pcs?Please help me to rectify this problem...
Thanks,

That isn't what gerbil requested. HiJackThis was requested.

The entries in your first log beginning with this time stamp give me a problem... 6/18/2009 3:05:17 PM -ok, give YOU a problem. We cannot be seen to be helping folks who circumvent legitimate software restrictions. You must delete these patches before we can offer advice.

I don't think they were the source of your infection, but again, I don't see why patches should contain trojans if license circumvention is all they were about.
Nice to have a hijackthis log, though.
==download hijackthis: http://www.majorgeeks.com/download5554.html
-copy it to a new FOLDER placed either alongside your program files or on your desktop and then... rename hijackthis.exe to imabunny.exe
-in that folder start HijackThis by dclicking the .exe
-CLOSE ALL OTHER APPLICATIONS and any open windows including the explorer window containing HijackThis.
-click the Scan and Save a Logfile button. Post the log here.
Being now up to date with all patches is fine, but won't deal with an infection already in there. You might also try a rootkit scan... eg. GMER.

Plz see this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:23 AM, on 6/19/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\PCI Audio Applications\Mixer.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\Colasoft Capsa 6.0 EE Demo\Capsa.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio Applications\Mixer.exe /startup
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{A085FE90-9F85-40B6-A747-0B697C896446}: NameServer = 203.145.184.47,203.145.184.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5A7CF32-E297-4547-9B4D-5181001BD4C8}: NameServer = 203.145.184.32,203.145.184.42
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\WinVNC.exe

--
End of file - 3560 bytes

You are in Chennai, I take it, aamdevan? Could you post the SAS and MBAM logs, please? They would be interesting for us. Your HJT log is clean,although I note that you could update IE to IE6 with W2000, SP4. for security purposes.
Perhaps try this scan....
==Please use IE or Firefox to do an online scan at panda:- http://www.pandasecurity.com/activescan/index/
-First Register [otherwise there will be no disinfection, merely detection] with a valid email address for the free online virus scan and follow through.
Unlike Kaspersky this scan does not require Java. Panda will clean only virii, but it is superb at listing other malwares which can then be targeted.
Please ATTACH to your post the log it produces.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.