Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 10549
  • Last Modified:

bo: Stack virus related messages in McAfee VirusScan and problems with Internet

I am at the end of my tether on this problem and think I have a nasty virus here.

IU am runnning Windows XP Professional.

Whenever I access the internet, I get a message in the McAfee Virus scanner indicating "bo:Stack" error in iexplore.ext: loadLibraryA. The problem is detected as Buffer Overflow.

Note that what i am also finding is that when I try to browse to certain sites, the Browser gets overwritten and ends up going to www.msn.com.

Other issues I appear to have are:

1) Cannot do a System Restore successfully. When it reloads the restore point after reboot - Windows informs me it cannot switch to the Restore point

2) On logging in , i get a message indicating that it cannot find some component of MywebSearch - MSSBAR.dll

3) When running regedit, I get a message indicating regedit is not a valid Win32 application

Below is a copy of the HijackThis log.

I would be grateful if you could give me anything I can do to get rid of the virus- Have tried virus checkers Adaware, Firelite.

*** Hijack This log removed by humeniuk PE ***


Regards,

Eliot Minn
0
e2e01
Asked:
e2e01
  • 5
  • 3
1 Solution
 
phototropicCommented:
What makes you think the bo:stack error is a virus?  "Buffer Overflow" usually refers to a program exceeding its allocated memory.   It may also indicate a problem with Virtual Memory...

http://en.wikipedia.org/wiki/Virtual_memory
http://www.theeldergeek.com/paging_file.htm

Other issues:

1) System Restore requires at least 250Mb free space in order to run...check your HDD;
2) MyWebSearch is a known piece of spyware...if you have run Adaware, it will probably have removed it. There may still be an item in your startup folder: Start - Run - msconfig - startup.  Remove the tick from the box next to MyWebSearch or MyWayWhatever...reboot;
3) This issue is discussed here:

http://www.experts-exchange.com/Operating_Systems/WinXP/Q_21535940.html

0
 
e2e01Author Commented:
OK, have run through the Hijack this analysis and deleted most of the unknowns. There is some improvement in that i don't get the can't find MSSBAR.dll

However, I still have the follwoing symptoms:

1) Whenever I access the internet, I get a message in the McAfee Virus scanner indicating "bo:Stack" error in iexplore.ext: loadLibraryA. The problem is detected as Buffer Overflow.

2) When I try to browse to certain sites, the Browser gets overwritten and ends up going to www.msn.com.

3) When running regedit, I get a message indicating regedit is not a valid Win32 application

Below is a link to the HijackThis analysis

http://www.hijackthis.de/logfiles/4967c971fdaa39879a40d5d74450087b.html

I would be grateful if you could give me anything I can do to get rid of the virus- Have tried virus checkers Adaware, Firelite.

Regards,

Eliot
0
 
e2e01Author Commented:
In answer to phototropic:

1)  Looks like I have removed MyWebSearch stuff anyway so this doesn't seem to be ap orblem anymore
2) HAve already done a Disk Cleanup successfully
2) I have around 34.5 Gb of disk space which should be more than enough for System Restore
3) I still keep getting the bo: Stack error message in the McAfee Virus Checker and this is only when I start Internet Explorer
4) My browser keeps being diverted to www.msn.com

This would appear to me to point to some kind of virus/takeover of the Browser rather than a problem with Virtual Memory which I have never had before.

See my comment above relating to the hijackthis analysis

Regards,

Eliot
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
phototropicCommented:
e2e01,

What is your homepage set to?  If it is about:blank, it's possible that Adaware is detecting this as a hijack and resetting your homepage to the default, which is msn.  Windows defender does something similar.

 
0
 
phototropicCommented:
e2e01,

Some viruses attack windows system files and change the extension .exe to .com. Try typing "regedit.exe" in the run box. What happens when you type "cmd" in the run box.  If it's also giving this error message, do a search for regedit.com.  If you find it, delete it.  Further details here:

http://www.experts-exchange.com/Operating_Systems/WinXP/Q_21535940.html

As an interim measure, you can create a usable copy of regedit using dougknox's download:

http://www.dougknox.com/xp/utils/xp_emerutils.htm
0
 
phototropicCommented:
e2e01.

There are many forums with people reporting this issue. Always with McAfee detecting bo:Stack error in iexplore.ext: loadLibraryA. In most cases, the resolution appears to involve running a different av. If you can, try running an online scan. Bit defender is good:

http://www.bitdefender.com/scan8/ie.html

So is Trendmicro's Housecall:

http://housecall.trendmicro.com/

Both of these scanners will delete/quarantine what they find, without obliging you to pay for a download.
0
 
e2e01Author Commented:
Dear Phototropic,

Have run both BitDefender and Housecall above ands both hangup, BitDefender during its run and Housecall when it tries to download.

Have attached link to my last Hijack analysis and would appreciate any advice on how to delete the offending items from the registry

The analysis is at:

http://www.hijackthis.de/logfiles/1efb7ddbcc4c722df48446ab1fff3d74.html

Also I am now getting  bo:Heap error in iexplore.ext: loadLibraryA as well as bo:Stack

Is there a solution here or is it just a case of reloading Windows??

Regards,

e2e01
0
 
phototropicCommented:
OK. Your HJT log looks pretty clear. According to McAfee, there is a known false positive problem here:

http://forums.mcafeehelp.com/viewtopic.php?t=46706&postdays=0&postorder=asc&start=0

One of the people posting in the above forum actually experienced the same hangup with Bitdefender on line scan. Bottom line seems to be that no one knows what is causing this. A selection of suggested resolutions:

"...going into command prompt and going to the internet explorer directory in program files and typing "IExplore.exe /rereg" seemed to fix it..."

"...for now just turn off buffer overflow protection..."

"...Install patch 13 This addresses the buffer overflow problem..."

"...I  have finally found the cause of the random VirusScan 8 bo:heap messages from our side. It appears to be an issue with the Lookout search bar when it is indexing in the background as noted on their forum: http://www.lookoutsoft.com/Forums/topic.asp?TOPIC_ID=706 ..."

And so on...

To dig deeper on this, I would suggest contacting McAfee direct:

https://mysupport.mcafee.com/eservice_enu/default.htmstart.swe?SWECmd=Start&SWEHo=mysupport.mcafee.com

BTW, did you get regedit back?
 
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now