1 Reply Latest reply on Dec 30, 2008 10:39 PM by shumandu

    Buffer Overflow With VER13

      Since the last update of McAfee I have received "Buffer Overflow Blocked; C:\Windows\Explorer.exe" warnings. I can just let the system idle and after a few minutes the message appears. Or, if I open Outlook Express before the message appears, I get the same warning with C:\Program Files\Outlook Express\msimn.exe as the location. The messages appear only once in a session. Since this began I have also noticed strange things happening with my Start Menu and Task Bar. The Quick Launch will rearrange or hide itself, and Start items will not respond to clicks. All my hardware has been tested and is functional. I have run no less than four separate spyware/malware programs. I have a McAfee subscription through Verizon; the subscription seems to auto-renew and download each month. After the last renewal the problems began; I removed and re-installed the program at that time with no change.

      Versions are:
      Virus 13.0.232
      Firewall 10.0.209
      Security 9.0.295

      Microsoft Windows XP
      Home Edition Service Pack 2

      CPU Type AMD Athlon 64, 2200 MHz
      (11 x 200) 3400+
      Motherboard Name Gigabyte GA-K8N Pro AGP, 3 DDR
      Motherboard Chipset nVIDIA nForce3 150, AMD Hammer
      System Memory 2048 MB (PC3200 DDR SDRAM)
      BIOS Type Award Modular (01/16/04)
      DirectX 4.09.00.0904 (DirectX 9.0c)
      JAVA 6.11
        • 1. Problem found
          After trying several well-known spyware apps, I used a recommended app called Malwarebytes, found here: http://www.malwarebytes.org/. It found an obscure Trojan, removed it, and all is well. Here is the Trojan info:

          Malwarebytes' Anti-Malware 1.31
          Database version: 1571

          12/29/2008 5:55:22 PM
          mbam-log-2008-12-29 (17-55-22).txt

          Scan type: Full Scan (C:\|)
          Objects scanned: 146028
          Time elapsed: 44 minute(s), 41 second(s)

          Memory Processes Infected: 0
          Memory Modules Infected: 0
          Registry Keys Infected: 0
          Registry Values Infected: 2
          Registry Data Items Infected: 0
          Folders Infected: 0
          Files Infected: 1

          Memory Processes Infected:
          (No malicious items detected)

          Memory Modules Infected:
          (No malicious items detected)

          Registry Keys Infected:
          (No malicious items detected)

          Registry Values Infected:
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nwajumuqobo (Trojan.Agent) -> Delete on reboot.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fwahetaco (Trojan.Agent) -> Delete on reboot.

          Registry Data Items Infected:
          (No malicious items detected)

          Folders Infected:
          (No malicious items detected)

          Files Infected:
          C:\WINDOWS\Wpiyewateb.dll (Trojan.Agent) -> Delete on reboot.
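
Added example, not part of the original post and not Malwarebytes' own code: a small Python parser for the log layout quoted above. It checks the summary counts against the listed detections and collects the entries marked "Delete on reboot" so they can be re-checked after the restart. The sample log is constructed (placeholder value and file names) and the function names are this example's own.

```python
import re

# Constructed sample in the layout of the log quoted above (placeholder names).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.31
Scan type: Full Scan (C:\|)

Registry Values Infected: 2
Folders Infected: 0
Files Infected: 1

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\examplevalue1 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\examplevalue2 (Trojan.Agent) -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\example.dll (Trojan.Agent) -> Delete on reboot.
"""

SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ITEM_RE = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Return (summary counts, detections per section) from a log in this layout."""
    summary, items, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SUMMARY_RE.match(line):        # "Files Infected: 1"
            summary[m["section"]] = int(m["count"])
        elif m := HEADER_RE.match(line):       # "Files Infected:" starts a detail section
            current = m["section"]
            items.setdefault(current, [])
        elif current and (m := ITEM_RE.match(line)):
            items[current].append(m.groupdict())  # path, detection name, action
    return summary, items

def count_mismatches(summary, items):
    """Sections whose summary count differs from the detections actually listed."""
    return {s: (n, len(items.get(s, []))) for s, n in summary.items()
            if n != len(items.get(s, []))}

def pending_reboot(items):
    """Detections that are only removed at the next restart."""
    return [dict(entry, section=s) for s, found in items.items()
            for entry in found if entry["action"].lower() == "delete on reboot"]
```

A non-empty result from `count_mismatches` usually means the log was truncated or edited before it was posted.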