2 Replies Latest reply on Oct 13, 2009 2:48 PM by khurtado

    Buffer Overflow ADVAPI32.RegOpenKeyA at client log on

      Every morning when a client logs onto the workstation the following alert is generated:
      Blocked by Buffer Overflow Protection C:\WINDOWS\system32\services.exe!*::ADVAPI32.RegOpenKeyA = *. (from USERNAME IP XXX.XX.XX.XX user NT AUTHORITY\SYSTEM running VirusScan Ent. 8.5 OAS)

      I can't find any info on what is causing this.
      We are running VirusScan Enterprise Ver 8.5i
      scan engine version (32-bit) 5301.4018
      DAT Version 5758.0000
      buffer overflow and access protection DAT Version 354

        • 1. same issue here

          I'm having the same issue, but only with my own station. There are days it comes up and there are days when I don't see it. It only pops up after a complete shutdown overnight; I tested it out after just a reboot, but I did not receive the pop-up box.

          Process: C:\Windows\System32\Services.exe
          Action: Buffer Overflow blocked
          Status: Not safe to use this file
          Module: advapi32.regopenkeya
          • 2. Overflow ADVAPI32.RegOpenKeyA
            Don't know if this is related, but I found C:\Windows\9129837.exe, which happens to be a Trojan. I removed it from the startup, but the problem was still there. It looks like McAfee cleaned all but a few traces of it. In the end, the user got a new O.S.