bo: Stack virus related messages in McAfee VirusScan and problems with Internet

I am at the end of my tether on this problem and think I have a nasty virus here.

I am running Windows XP Professional.

Whenever I access the internet, I get a message in the McAfee Virus scanner indicating "bo:Stack" error in iexplore.ext: loadLibraryA. The problem is detected as Buffer Overflow.

Note that what I am also finding is that when I try to browse to certain sites, the Browser gets overwritten and ends up going to www.msn.com.

Other issues I appear to have are:

1) Cannot do a System Restore successfully. When it reloads the restore point after reboot - Windows informs me it cannot switch to the Restore point

2) On logging in, I get a message indicating that it cannot find some component of MywebSearch - MSSBAR.dll

3) When running regedit, I get a message indicating regedit is not a valid Win32 application

Below is a copy of the HijackThis log.

I would be grateful if you could give me anything I can do to get rid of the virus- Have tried virus checkers Adaware, Firelite.

*** Hijack This log removed by humeniuk PE ***


Regards,

Eliot Minn
e2e01 Asked:
 
phototropic Commented:
OK. Your HJT log looks pretty clear. According to McAfee, there is a known false positive problem here:

http://forums.mcafeehelp.com/viewtopic.php?t=46706&postdays=0&postorder=asc&start=0

One of the people posting in the above forum actually experienced the same hangup with the Bitdefender online scan. Bottom line seems to be that no one knows what is causing this. A selection of suggested resolutions:

"...going into command prompt and going to the internet explorer directory in program files and typing "IExplore.exe /rereg" seemed to fix it..."

"...for now just turn off buffer overflow protection..."

"...Install patch 13 This addresses the buffer overflow problem..."

"...I have finally found the cause of the random VirusScan 8 bo:heap messages from our side. It appears to be an issue with the Lookout search bar when it is indexing in the background as noted on their forum: http://www.lookoutsoft.com/Forums/topic.asp?TOPIC_ID=706 ..."

And so on...

To dig deeper on this, I would suggest contacting McAfee direct:

https://mysupport.mcafee.com/eservice_enu/default.htmstart.swe?SWECmd=Start&SWEHo=mysupport.mcafee.com

BTW, did you get regedit back?
 
0
 
phototropic Commented:
What makes you think the bo:stack error is a virus? "Buffer Overflow" usually refers to a program exceeding its allocated memory. It may also indicate a problem with Virtual Memory...

http://en.wikipedia.org/wiki/Virtual_memory
http://www.theeldergeek.com/paging_file.htm

Other issues:

1) System Restore requires at least 250Mb free space in order to run...check your HDD;
2) MyWebSearch is a known piece of spyware...if you have run Adaware, it will probably have removed it. There may still be an item in your startup folder: Start - Run - msconfig - startup.  Remove the tick from the box next to MyWebSearch or MyWayWhatever...reboot;
3) This issue is discussed here:

http://www.experts-exchange.com/Operating_Systems/WinXP/Q_21535940.html

0
 
e2e01 Author Commented:
OK, have run through the Hijack this analysis and deleted most of the unknowns. There is some improvement in that I don't get the "can't find MSSBAR.dll" message.

However, I still have the following symptoms:

1) Whenever I access the internet, I get a message in the McAfee Virus scanner indicating "bo:Stack" error in iexplore.ext: loadLibraryA. The problem is detected as Buffer Overflow.

2) When I try to browse to certain sites, the Browser gets overwritten and ends up going to www.msn.com.

3) When running regedit, I get a message indicating regedit is not a valid Win32 application

Below is a link to the HijackThis analysis

http://www.hijackthis.de/logfiles/4967c971fdaa39879a40d5d74450087b.html

I would be grateful if you could give me anything I can do to get rid of the virus- Have tried virus checkers Adaware, Firelite.

Regards,

Eliot
0

 
e2e01 Author Commented:
In answer to phototropic:

1) Looks like I have removed MyWebSearch stuff anyway so this doesn't seem to be a problem anymore
2) Have already done a Disk Cleanup successfully
2) I have around 34.5 Gb of disk space which should be more than enough for System Restore
3) I still keep getting the bo: Stack error message in the McAfee Virus Checker and this is only when I start Internet Explorer
4) My browser keeps being diverted to www.msn.com

This would appear to me to point to some kind of virus/takeover of the Browser rather than a problem with Virtual Memory which I have never had before.

See my comment above relating to the hijackthis analysis

Regards,

Eliot
0
 
phototropic Commented:
e2e01,

What is your homepage set to? If it is about:blank, it's possible that Adaware is detecting this as a hijack and resetting your homepage to the default, which is msn. Windows Defender does something similar.

 
0
 
phototropic Commented:
e2e01,

Some viruses attack windows system files and change the extension .exe to .com. Try typing "regedit.exe" in the run box. What happens when you type "cmd" in the run box? If it's also giving this error message, do a search for regedit.com. If you find it, delete it. Further details here:

http://www.experts-exchange.com/Operating_Systems/WinXP/Q_21535940.html

As an interim measure, you can create a usable copy of regedit using dougknox's download:

http://www.dougknox.com/xp/utils/xp_emerutils.htm
0
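The `regedit.com` check suggested in the comment above can be generalised to every executable in a directory. This is an added example, not part of the original thread: it assumes command lookup follows the Windows `PATHEXT` order, where `.COM` is tried before `.EXE` by default, and the function names and the sample directory are constructed for illustration.

```python
import os
import tempfile

# Leading entries of the default Windows PATHEXT value: .COM is tried before .EXE.
DEFAULT_PATHEXT = ".COM;.EXE;.BAT;.CMD"

def resolve(name, dirs, pathext=DEFAULT_PATHEXT):
    """Return the file an extension-less command name runs, or None.

    Directories are searched in order; inside each, PATHEXT order decides.
    """
    exts = [e.lower() for e in pathext.split(";") if e]
    for d in dirs:
        try:
            present = {f.lower(): f for f in os.listdir(d)}
        except OSError:
            continue  # missing or unreadable directory
        for ext in exts:
            hit = present.get(name.lower() + ext)
            if hit:
                return os.path.join(d, hit)
    return None

def find_shadowed(dirs, pathext=DEFAULT_PATHEXT):
    """List (exe_path, winner_path) where a bare name does not reach the .exe."""
    findings = []
    for d in dirs:
        try:
            names = sorted(os.listdir(d))
        except OSError:
            continue
        for f in names:
            stem, ext = os.path.splitext(f)
            if ext.lower() != ".exe":
                continue
            exe = os.path.join(d, f)
            winner = resolve(stem, dirs, pathext)
            if winner and os.path.normcase(winner) != os.path.normcase(exe):
                findings.append((exe, winner))
    return findings

def demo():
    """Constructed sample: a fake Windows directory with a planted regedit.com."""
    root = tempfile.mkdtemp()
    for fname in ("regedit.exe", "regedit.com", "notepad.exe"):
        with open(os.path.join(root, fname), "wb") as fh:
            fh.write(b"constructed sample")
    return [(os.path.basename(a), os.path.basename(b)) for a, b in find_shadowed([root])]

if __name__ == "__main__":
    print(demo())
```

On a real system, pass the directories from `PATH` in order; any pair reported for a system tool such as `regedit.exe` is a file worth inspecting before deleting.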
 
phototropic Commented:
e2e01.

There are many forums with people reporting this issue. Always with McAfee detecting bo:Stack error in iexplore.ext: loadLibraryA. In most cases, the resolution appears to involve running a different av. If you can, try running an online scan. Bitdefender is good:

http://www.bitdefender.com/scan8/ie.html

So is Trend Micro's HouseCall:

http://housecall.trendmicro.com/

Both of these scanners will delete/quarantine what they find, without obliging you to pay for a download.
0
 
e2e01 Author Commented:
Dear Phototropic,

Have run both BitDefender and Housecall above and both hang up, BitDefender during its run and Housecall when it tries to download.

Have attached link to my last Hijack analysis and would appreciate any advice on how to delete the offending items from the registry.

The analysis is at:

http://www.hijackthis.de/logfiles/1efb7ddbcc4c722df48446ab1fff3d74.html

Also I am now getting bo:Heap error in iexplore.ext: loadLibraryA as well as bo:Stack

Is there a solution here or is it just a case of reloading Windows??

Regards,

e2e01
0
Question has a verified solution.
