4 Replies Latest reply on Dec 6, 2009 10:41 PM by mudbrains

    svchost.exe:KELNER32.LoadLibraryA / BO:writable BO:stack

      Hi,

       

      I am using McAfee Virus Sacn Enterprise 8.7.

      I am receiving this message from the virus alert console since yesterday only.

       

      "svchost.exe:KELNER32.LoadLibraryA / BO:writable BO:stack"

       

      Will it harm my computer anyway?? How do I need to fix it??

       

      Yesterday I updated my Nokia PC Suite from "Nokia_PC_Suite_7_1_30_9_eng_web" to "Nokia_PC_Suite_7_1_40_1_eng_web". After updating the same I rebooted my computer. From then onwards I have been receiving the above said alert.

       

      After I doubted that the PC suite might have caused all these problem, I uninstalled the "Nokia_PC_Suite_7_1_40_1_eng_web" and again installed the previous version of the PC suite i.e. "Nokia_PC_Suite_7_1_30_9_eng_web", but even though I have been receiving this alert. One more thing I receive this alert only when I connect my PC to the internet.

       

      Also when I reboot my computer it show a pop-up "Generic Host Process for Win32 services" has blocked some file. Also while working on the system, the system automatically gets refreshed and the internet connection gets disconnected and to again connect to the internet I need to reboot my computer.

       

      Please help me in fixing this problem.

       

      Thanks

      Rakesh

        • 1. Re: svchost.exe:KELNER32.LoadLibraryA / BO:writable BO:stack

          I suspect that there is an Internet worm attempting to exploit a vulnerability in Windows on your machine.

           

          Do you have the latest Security patches installed for your Operating system?

           

          Also, does the Buffer Overflow Protection Log (open McAfee console, select "Buffer Overflow protection", right click and view log) give any further details?

           

           

          Message was edited by: Mal09 on 11/28/09 6:55 AM
          • 2. Re: svchost.exe:KELNER32.LoadLibraryA / BO:writable BO:stack

            Hi Thanks,

             

            The buffer Overflow report is attached herewith. Please go through the same and let me know. Further I have installed the latest security patches on my windows machine. Today till the time I have not received any alert. Please let me know as how to fix this problem.

             

            Thanks

            Rakesh

            • 3. Re: svchost.exe:KELNER32.LoadLibraryA / BO:writable BO:stack
              maziz

              Hi Rakesh

               

              Firstly, I would recommend that you update to the latest DAT files and run a full scan on the system. Preferrably, I would recommend that the scan is scheduled and not just user initiated. Confirm that there are no detection or that detections are cleaned/deleted. You can post the On Demand Scan log file once this has been done for further review. This will also tell me if the scan is scheduled or not so please make sure it is scheduled.

               

              Secondly, I would recommend that you set up your system to create a memory dump file for Buffer overflow detections. This will cause your machine to Blue Screen when a Buffer Overflow occurs. To do this go to the McAfee Service Portal HERE and click on "Search The KnowledgeBase" on the right hand side under Self Service. Then, in the search box, type KB54839. This will instruct you on how to do this.

               

              The memory dump file created can then be analyzed to determine the cause of the Buffer Overflow.

               

              Hope this helps.

              • 4. Re: svchost.exe:KELNER32.LoadLibraryA / BO:writable BO:stack

                Hi,

                 

                How many computers you are using in the network?

                 

                Thanks

                Jenish