BarExAv attacking my Event log

February 15, 2012 – 1:07 pm

BarExAv attacking my Event logLike all of the well known computer geek peeps, I understand the importance of logging events. On a day in history I like to refer to as a what-is-in-my-log-file? kind of day, I found some events that I have not previously played around with, so I started searching for an answer, the answer wasn’t found online using Google or Yahoo! or Bing (sometimes I’ll try anything). What is a BarExAv and what is it doing in my log files?

Spoiler alert, you can scroll to BarExAv reason or keep reading.

When I find an error in a log file (or anytime I have Internet access and something to search the Internet using) I will search online for others that have written, blogged, asked, queried, or just left a footprint of search residue somewhere. When I found BarExAv I was nearly left alone with my searches. It seems that there are not other people asking or commenting about the BarExAv event item, which comes up with the Event ID 0 which is something that most computer geek peeps know is a bad thing.

Why is it a bad thing?
(if you want to know, just leave a comment and I’ll share in the comments with you)

I’ve included some screen shots of the event logs for help in answering the question posed to the Internet, what is BarExAv and why is BarExAv in my Event log?

But before I give the reason why, first some lovely pictures:

BarExAv log event

BarExAv log event

BarExAv log event

Now, the reason for the BarExAv event is that a virus, malware, or other infected email item was found and the Barracuda Spam & Virus Firewall which is communicating with your Microsoft Exchange email server is informing you, with too little of information, about what is occurring.

That’s it. Nothing more, you are free to go now. . . . . What, still here? Well, since you are still reading I can be of a little more help to you, sometimes you will see something about the BarExWizard causing problems but the source “Application Error” and Event ID 1000 does not lead you to anything much useful. Restart the service associated or restart your Exchange server (I know people don’t like restarting servers, but what’s a few extra seconds of delay when you’re curious?).

BarExAv log event

BarExAv log event

Unlike many of the alleged computer geek wanna-be’s, logging events is not always enough, so I also read through the log files. Though it’s not an every day occurrence like it probably should be, it’s not always the slow that lose the race, remember the turtle beat the bunny in their encounter.

check your log files

Here’s one more for the road, but this is something mostly uninteresting:

BarExAv log event

Below is only for search engine purposes, it’s the actual event log messages.

Log Name: Application
Source: BarExAv
Date: 2/15/2012 9:46:28 AM
Event ID: 0
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: computer.name.com
Description:
File is infected: SFP.Malware.19409.Web (Malware)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="BarExAv" />
<EventID Qualifiers="49154">0</EventID>
<Level>3</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-02-15T17:46:28.000000000Z" />
<EventRecordID>921130</EventRecordID>
<Channel>Application</Channel>
<Computer>computer.name.com</Computer>
<Security />
</System>
<EventData>
<Data>File is infected: SFP.Malware.19409.Web (Malware)</Data>
</EventData>
</Event>

Log Name: Application
Source: Application Error
Date: 1/9/2012 10:14:35 AM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: computer.name.com
Description:
Faulting application name: BarExWizard.exe, version: 1.0.14.0, time stamp: 0x4dee5448
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x2d00
Faulting application start time: 0x01cccefa51112985
Faulting application path: C:\Program Files\Barracuda\Spam & Virus Firewall\Antivirus for Exchange\BarExWizard.exe
Faulting module path: unknown
Report Id: c8e28bfd-3aed-11e1-be6d-a4badb479022
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-09T18:14:35.000000000Z" />
<EventRecordID>896661</EventRecordID>
<Channel>Application</Channel>
<Computer>computer.name.com</Computer>
<Security />
</System>
<EventData>
<Data>BarExWizard.exe</Data>
<Data>1.0.14.0</Data>
<Data>4dee5448</Data>
<Data>unknown</Data>
<Data>0.0.0.0</Data>
<Data>00000000</Data>
<Data>c0000005</Data>
<Data>0000000000000000</Data>
<Data>2d00</Data>
<Data>01cccefa51112985</Data>
<Data>C:\Program Files\Barracuda\Spam &amp; Virus Firewall\Antivirus for Exchange\BarExWizard.exe</Data>
<Data>unknown</Data>
<Data>c8e28bfd-3aed-11e1-be6d-a4badb479022</Data>
</EventData>
</Event>

  1. 2 Responses to “BarExAv attacking my Event log”

  2. Also the time it takes to run a full system scan is very
    short and the program is extremely quick compared to
    other free anti-spyware programs. You can also try out a variety of
    anti-spyware programs for free and then decide to take
    your pick and buy the one which, according to you, gives the best service.
    PDAs, smart phones, and personal organizers are also subject to spyware infection.

    By malware anti virus software on Jul 29, 2013

  3. 18(78)は、ブローヴァ腕時計マンチェスターユナイテッド・クラブの分のマーカーは、1878年(明治11年)の日付は、緑と金で印刷されます。これは非常に賢い(と超便利)クラブの起源へのうなずきです。鉄道の接続を参照して、ダイヤルの間の12時間18分のマーカーの端のまわりで列車トラックの範囲を実行します。これは我々に思い出させました輸入部のランカシャーとヨークシャーのレール・システムによってマンチェスターの開発においては産業革命の間に。 http://www.newkakaku.com/boq1.htm

    By 18(78)は、ブローヴァ腕時計マンチェスターユナイテッド・クラブの分のマーカーは、1878年(明治11年)の日付は、緑と金で印刷されます。これは非常に賢い(と超便利)クラブの起源へ on Mar 1, 2016

Post a Comment