Problem: I have a desktop PC that has contacted the BO:Writable BO:Heap virus alert ... and I can't seem to get rid of it. I have tried many things, but all to no avail.
Scenario: 1. When the user tries to use the internet (IE 6), they get the following virus alert from McAfee:
Name: C:\Program Files\Internet Explorer\iexplorer.exe:KERNEL32.GetProcAddress
Detected As: BO:Writable BO:Heap
State: Blocked by Buffer Overflow Protection
2. All other software works perfectly fine ... .no issues/problems ... only IE6 is the problem.
Current State: 1. Currently we have McAfee's Enterprise Solution 8.5i as our virus protection. The patch
version is 5; scan engine is 5200.2160; dat version is 5303.0000; created on 05/26/08;
buffer overflow and access protection dat version is 354.
2. We are a Microsoft shop, so using another browser is not an option.
What I have done: 1. I have run a McAfee virus scan and nothing was found.
2. I installed Spy Sweeper and it found spyware but did not rid the PC of the 2 alerts.
3. I downloaded BitDefender and ran it ... it too found stuff but did not rid the PC of
the above 2 alerts.
4. I installed Symantec's Endpoint Protection ... and that froze on me while running.
5. I have investigated experts-exchange and so far, "it seems" that things I have tried
experts-exchange has suggested.
Other things: 1. The PC is a corporate controlled PC, so I can't change the buffer overflow protection.
2. I don't want to re-format the hard drive, but if I have to ... I have to. Since the users can
get to their data, I may just copy the data to a memory stick and put it back on when the
hard drive is re-formatted and all software is re-installed ... again, I don't want to, but if I
have to I will.
3. However, I find this a challenge and I want to understand how to remove this message
in case it happens again on another PC.
4. I have been to McAfee's website and they do acknowledge that the above 2 alerts have
been found by McAfee's anti-virus software; however unless I missed it, McAfee did not
give a solution to rid the PC of the 2 alerts.
Thanks for your help.