6 Replies Latest reply on Dec 7, 2007 11:41 PM by amit.lion

    BO:WritableBo:Heap

    cmuir
      I am having a continual virus alert via my McAfee VirusScan 8.5i. It says the virus is detected as BO:Writable BO:Heap
      Its state is: Blocked by Buffer Overflow protection

      The file is shown as C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA

      VirusScan is not allowing me to clean or delete the file; these options are not on offer (grey), and the VirusScan virus alert window is up continually, just adding more and more alerts to the C:\Windows\System32 file.

      As a result the computer keeps hanging and I can do nothing on it but watch these virus alerts mount up.

      The VirusScan is bang up to date. I have tried searching for the BO virus and a suitable removal tool but am lost now.

      Any advice please??
        • 1. RE: BO:WritableBo:Heap
          Peter M
          I can't find anything that will help with this internally. Until one of the Corporate/Enterprise support people comment here, this is all I can suggest.
          Use "Hijackthis" and post its log on any of the following forums for help (not here):

          DOWNLOAD HIJACKTHIS

          Post the logs at a specialist Forum:

          BLEEPING COMPUTER FORUM

          AUMHA FORUM

          GEEKS TO GO FORUM

          SPYWARE INFO FORUM

          TECH GUY FORUM

          TOM COYOTE FORUM

          MALWARE REMOVAL FORUM

          I had originally moved this to Virus Discussions & Removal Assistance, but it vanished from there and I assumed, wrongly, that it had been dealt with, sorry about that. Someone obviously moved it back to the VirusScan 8.xi section.
          • 2. RE: BO:WritableBo:Heap
            tonyb99
            Most BOHeap messages are VSE being oversensitive.

            Are you up to date with service pack 1 for VSE 8.5?
            There were lots of issues with false alarms on VSE 8.0 pre patch 14 and some on VSE 8.5 pre patch 1.

            If that's not the case then you have 2 possibilities.

            1) It's a false alarm (switch off the BO notifications message but keep logging them).

            2) It might be false or maybe not; switch to warning mode and see if your system disappears in a cloud of dust.

            First thing, though: check all the VSE component logs for signs of infection and run a full exhaustive scan; try a spyware scan too if possible. (The AVG one is pretty good and free for a month, then you can remove it.)
            • 3. RE: BO:WritableBo:Heap
              I have also been getting the bo:heap message, below is the log file from my VS

              9/21/2007 8:55:09 PM Blocked by Buffer Overflow Protection C:\WINDOWS\Explorer.EXE:KERNEL32.GetProcAddress BO:Writable BO:Heap

              9/21/2007 9:14:30 PM Blocked by Buffer Overflow Protection C:\WINDOWS\explorer.exe:KERNEL32.GetProcAddress BO:Writable BO:Heap

              9/21/2007 10:08:53 PM Blocked by Buffer Overflow Protection C:\WINDOWS\explorer.exe:KERNEL32.GetProcAddress BO:Writable BO:Heap

              This is after I upgraded to VS8.5i + SP2 + AS.

              When this event is triggered there is always a second explorer.exe process running.
              If I end it through tskmgr.exe, it would work sometimes, not all the time.

              Any suggestions?

              Thanks
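An added example (not part of any post in this thread and not McAfee code): a small Python summariser for Buffer Overflow Protection log lines like those in reply 3. It groups blocked events by process and API so repeated hits can be reviewed from the log when notifications are switched off but logging is kept. The line layout is assumed from the posted lines, and `parse_line`, `summarize` and `SAMPLE` are hypothetical names.

```python
import re
from collections import defaultdict
from datetime import datetime

# Layout assumed from the lines posted in this thread:
# <date> <time> <AM|PM> <action> <process path>:<MODULE>.<API> <BO:flag> ...
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"(?P<action>.+? Buffer Overflow Protection)\s+"
    r"(?P<process>[A-Za-z]:\\.+?):(?P<api>\w+\.\w+)\s+"
    r"(?P<flags>BO:\w+(?:\s+BO:\w+)*)\s*$",
    re.IGNORECASE,
)

def parse_line(line):
    """Return one event as a dict, or None if the line is not a BO entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "when": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
        "process": m["process"].lower(),  # Windows paths are case-insensitive
        "api": m["api"],
        "flags": tuple(m["flags"].split()),
    }

def summarize(lines):
    """Group events by (process, API); return (report rows, unparsed count)."""
    groups, skipped = defaultdict(list), 0
    for line in filter(str.strip, lines):
        ev = parse_line(line)
        if ev is None:
            skipped += 1
            continue
        groups[(ev["process"], ev["api"])].append(ev["when"])
    report = [{"process": p, "api": a, "count": len(t), "first": min(t), "last": max(t)}
              for (p, a), t in groups.items()]
    return sorted(report, key=lambda r: -r["count"]), skipped

# The first three lines are from reply 3; the last two are constructed.
SAMPLE = r"""
9/21/2007 8:55:09 PM Blocked by Buffer Overflow Protection C:\WINDOWS\Explorer.EXE:KERNEL32.GetProcAddress BO:Writable BO:Heap
9/21/2007 9:14:30 PM Blocked by Buffer Overflow Protection C:\WINDOWS\explorer.exe:KERNEL32.GetProcAddress BO:Writable BO:Heap
9/21/2007 10:08:53 PM Blocked by Buffer Overflow Protection C:\WINDOWS\explorer.exe:KERNEL32.GetProcAddress BO:Writable BO:Heap
9/22/2007 7:02:11 AM Blocked by Buffer Overflow Protection C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Heap
9/22/2007 7:05:00 AM Engine version unchanged
""".splitlines()

if __name__ == "__main__":
    rows, skipped = summarize(SAMPLE)
    for r in rows:
        print(f'{r["count"]:>3}  {r["process"]}  {r["api"]}  {r["first"]} -> {r["last"]}')
    print(f"unparsed lines: {skipped}")
```

The summary only counts and groups what the log records; it does not decide whether an entry is a false alarm.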
              • 4. RE: BO:WritableBo:Heap

                 

                "Are you up to date with service pack 1 for VSE 8.5?"

                I cannot locate the download for SP1 for VSE 8.5. It does not show up on McAfee's download site. The only patch is Patch 3.
                • 5. RE: BO:WritableBo:Heap
                  tonyb99
                  Yes, it's gone from the corporate support portal downloads as it's been superseded by patch 3, but if you log a case with support they can provide it to you.
                  • 6. BO:WritableBo:Heap
                    I am having a continual virus alert via my McAfee VirusScan 8.5i. It says the virus is detected as BO:Writable BO:Heap
                    Its state is: Blocked by Buffer Overflow protection

                    The file is shown as C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA

                    VirusScan is not allowing me to clean or delete the file; these options are not on offer (grey), and the VirusScan virus alert window is up continually, just adding more and more alerts to the C:\Windows\System32 file.

                    As a result the computer keeps hanging and I can do nothing on it but watch these virus alerts mount up.

                    The VirusScan is bang up to date. I have tried searching for the BO virus and a suitable removal tool but am lost now.

                    Any advice please??