# Users of CA Security Suite (information required on unknown processes)



## the_binkster

Following installation of the most recent updated version of CA Security Suite ON TWO PC'S (previous version's license expired), I chanced upon 3 processes which had not been there previously (ON BOTH PC'S); all showed the date last modified as being 03/09/2007 within 1 minute of each other. However, they did not show up (or I did not notice them) until 29/09/2007.

mdmcls32.exe
cfgmng32.exe
svcprs32.exe

If users of CA could check their pc's for these processes and report back as to whether you *a) have them* and *b) any information you might have on them* as searches so far have proved inconclusive (according to some databases mdmcls32.exe and cfgmng32.exe are clean and svcprs32.exe has only been around since 23/09/2007 {Prevx}).

Cheers (any further assistance much appreciated)

the_binkster


----------



## kinbard

Hi and welcome,
There are a couple things I find... suspicious.
I would follow the directions here:
http://www.techsupportforum.com/sec...pdated-important-read-before-posting-log.html
Let an analyst look over things. Be patient, as that is a busy part of the forum.


----------



## tetonbob

Alongside the good advice kinbard has given, you can have the files scanned at either *Jotti File Scan* or *VirusTotal*

Two seem like possible candidates for malware, and are likely running services.

Do you run a software called PureSight_PC ?

If you do scan the files, and go through with the steps outlined in the link kinbard has given, please include that information along with the other logs.


----------



## the_binkster

All three files come up blank with Jotti File Scan and VirusTotal. The main issue here is whether or not these files have come from CA since both pc's register the files on the same day at the same time - at about the same time as a major update to the security suite. The other updated files were also "invisible" until the suite was relicensed at which point the three files/processes first showed up as well.

I will post a HijackThis Log in the appropriate forum but could other CA users please reply as to whether they have these files and if possible the date and time of their most recent modification.

Cheers


----------



## tetonbob

Just curious...



> All three files come up blank with Jotti File Scan and VirusTotal.


Do you mean they were scanned with no infected findings? Or that the files were not able to be scanned, and you got a result of 0 byte file?

You can also check the files' properties, to see if there is any info linking them to CA.

Sorry, don't use CA, so that's the best I can do.


----------



## the_binkster

Both things done and they are not infected and there is nothing linking them to CA or any other company for that matter in the File Properties.


----------



## Dom Shaw

Updated CA to latest version on 2 PCs and had a major problem playing World of Warcraft on both. Tried disabling firewall but it made no difference. Searched the process log, found and disabled a few files I was unsure of and discovered that with mdmcls32.exe running in the background WOW hung but without it I had no problems. File kept restarting itself, so I uninstalled CA's Website Inspector, Parental Controls and Desktop DNA Migrator and have had no problem since - the file is no longer present. Posted a question to CA UK but have yet to hear back...


----------



## Stucca

Hi Binkster !!! 

I have been 3 years CA´s customer and this is first time I am seriously considering changing to better security suites, or at least better customer service !!

You got these mdmcls32.exe,cfgmng32.exe, svcprs32.exe , right ?!!

Well I got them too during installation and they showed up immediately. Like always, I went to web to search info about these programs and found NOTHING, nowhere. Dozens of forums saying it is a backdoor trojan. So used several hours destroying my own PCs security system for hackers to get in.

These programs are safe. They are part of CA´s security suite. Cfgmng32.exe is parental control, others I don't know about. 

CA has hidden it´s all contact info. All I found was too little boxes where to write. Pages were linked to each other so after ten rounds of this merry-go-round started to get annoyed, noobs I´d call them with 0 points in customer/security service.

I have installed this "Security Suite" 3 times (29.9-7.10.07) , each time with same programs popping up after installation. Latest installation was 6th or 7th october 2007 (few days ago). 

Stuc


----------



## oldaz

Hi Blinkster, 
I'm not overly computer literate, but joined forum to respond to your questions. SVCRS32.EXE, MDMCLS32.EXE and CFGMNG32.EXE all appeared on my wife's computer after she upgraded from the basic CA to the latest full suite version. We became aware of problems when her computer would be running soooo slowly because these were running flat out in the background. I ran SVCRS32.EXE as a Google search and found heaps of info about problems associated with it and the others.
CFGMNG32.exe is CA's Parental Control and it runs constantly, using heaps of CPU - it can be stopped with windows task manager, as can SVCRS32.exe. These can both be removed as long as you don't want parental control to work properly (or at all).
SVCRS32.exe will use up to 100%CPU if left in place.
MDMCLS32.exe appears to be related to CA's desktop application - stopping it with windows task manager only works for a second and when it restarts itself it uses more memory. 
Have a look on the bleepingcomputer site for a detailed removal process. I was not impressed to find these programs running as backdoor trojans, but I did come up with an easy removal if you need it.
Disconnect internet.
Use registrysmart to remove CA from startup, then reboot.
Use windows removal tool to uninstall CA suite.(CA's desktop application won't uninstall)
Use explorer to find all CA files and delete them.
Use explorer to find the problem files and delete them.
Use CC cleaner to clean files - more detail on the bleepingcomputer site if you are unsure what to clean.
Reboot computer.
Scan with registrysmart and fix problems.
Install new personal firewall - I used Comodo.
Install new antivirus, and away you go.
Cheers, oldaz.


----------



## jamesbond2007

Hey there,
I am a user who has had the security suite installed for years.... I have contacted their technical support on various occasions and here are some of my findings.
These files belong to puresight and come as a part of the CA security suite. They are not malicious.

cfgmng32.exe is a parental control file and will be part of your startup.

You can use these instructions to uninstall the parental controls..
http://crm.my-etrust.com/login.asp?username=guest&target=DOCUMENT&openparameter=2914

Hope I am of some help

Cheers
JB


----------



## oldaz

It all comes down to what you are prepared to accept - in the case of my wife's computer, after setting it up as outlined in previous post and running Advanced windowscare personal, it runs as good, or better than it did when new. I've used norton and mcafee in the past and after this latest fiasco, I won't be sucked in to upgrading to a full version of any anti-virus again. Just my 2 cents worth.
Cheers,
oldaz


----------



## drumtech

Hey, I'm new to the forum, but I just bought this computer after my old one got hit by lightning. Not used to vista yet, but... anyway my isp offers CA sec. suite for free and my broadband goes out of range and I lose connectivity two or three times a day now.
Also I have no way to change parental control settings and for instance earlier today I tried to pull up a website to check nfl scores, and it said blocked by parental controls category sports ..... what's the deal with that????? Anyway what should I do, use nortons? or something like avg or combo of different things? DRumtech


----------



## anticaestablish

I have CA installed and I have recently been experiencing 100% cpu utilisation and I also have mdmcls32.exe process running. Can anyone tell me how to get rid of it please?


----------



## the_binkster

uninstall parental controls


----------



## xLostSoulx

I recommend that you download Security Task Manager. It's a demo, but it will help you:

http://www.neuber.com/taskmanager/

This will tell you where the processes are located, and if they are in the CA folder then you should be fine. If these processes are NOT in the CA folder, or any folder that you may know that they may come from, then it's time to do some research.

mdmcls32.exe:
http://www.greatis.com/appdata/d/m/mdmcls32.exe.htm


cfgmng32.exe:
http://www.fbmsoftware.com/spyware-net/process/cfgmng32_exe/2849/

As for the last one I was unable to find any information. If you really feel suspicious of these files then:

1. Run Security Task Manager, and see where they are located.
2. If they are located in a random folder that you do not know them, blacklist them within Task Manager
3. Find the files on your computer, and upload them to VirusTotal.
4. If any viruses found, download Spybot - Search and Destroy.
5. Have the resident running, and blacklist the processes.

(Optional step: disable the services / startup for these processes in msconfig / the startup folder)

I hope this information provides some information for you, best of luck with your search!


----------
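The location, file-properties and hash checks suggested in this thread, gathered into one PowerShell script as an added example (not posted by any participant). The three process names come from the thread; `$ExpectedRoot` is an assumed install folder and must be adjusted to the actual CA directory.

```powershell
# Added example. Process names are the three discussed in this thread.
param(
    [string[]]$Names = @('mdmcls32.exe', 'cfgmng32.exe', 'svcprs32.exe'),
    # Assumption: placeholder vendor folder, not taken from the thread.
    [string]$ExpectedRoot = (Join-Path $env:ProgramFiles 'CA')
)

# Trailing separator so "C:\...\CA" does not also match "C:\...\CAother"
$root     = $ExpectedRoot.TrimEnd('\') + '\'
$services = Get-CimInstance Win32_Service
$procs    = Get-CimInstance Win32_Process | Where-Object { $Names -contains $_.Name }

$report = foreach ($p in $procs) {
    $path = $p.ExecutablePath
    if (-not $path) {
        # ExecutablePath is empty when the shell lacks rights to query the process
        [pscustomobject]@{
            Name = $p.Name; ProcessId = $p.ProcessId
            Path = '(not readable: rerun from an elevated prompt)'
        }
        continue
    }
    $file = Get-Item -LiteralPath $path
    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    # Services whose command line references this binary
    $svc  = $services | Where-Object { $_.PathName -like "*$($p.Name)*" }

    [pscustomobject]@{
        Name            = $p.Name
        ProcessId       = $p.ProcessId
        ParentProcessId = $p.ParentProcessId
        Path            = $path
        InExpectedRoot  = $path.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)
        Company         = $file.VersionInfo.CompanyName    # the "file properties" check
        Product         = $file.VersionInfo.ProductName
        SignatureStatus = $sig.Status                      # Valid / NotSigned / HashMismatch ...
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        LastModified    = $file.LastWriteTime
        Services        = ($svc.Name -join ', ')
        SHA256          = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }
}

if ($report) { $report | Format-List } else { 'None of the named processes are running.' }
```

The SHA256 value can be searched on VirusTotal without uploading the file, and a binary outside the expected folder with no company name and no valid signature is the case that warrants posting logs for an analyst.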

