Buffer Overflow Trying to Start Internet Explorer and File Explorer

I have a Dell desktop running Microsoft XP and McAfee Security Center which has suddenly started blocking a "Buffer Overflow" whenever I try to start Internet Explorer or File Explorer.

I have run the McAfee scans 3 times.  It found something the first time (see first two attached files) and I have also run anti-spyware program SuperAntiSpyware twice.  After all scans came back clean I am still getting the Buffer Overflow (see third attached file).  I made sure both programs were updated with the latest files before I ran the scans.

Any suggestions would be appreciated.

Thanks,
Jerry
McAfee-Security-Center-Screen.jpg
McAfee-Security-Center-Screen--2.jpg
McAfee-Security-Center-Screen--3.jpg
Jerry Paladino Asked:
 
mail2prabir Commented:
Hi

In order to rule out the possibility of malware on your system, run ComboFix:
Download it from here to your desktop and - just to make sure - rename it slightly before issuing the download command:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then study the instructions carefully, as this is no easy tool to handle:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
(Note: If you have a working Windows Install CD, there is no need to install the Recovery Console)

Run ComboFix from your desktop, disable all antivirus applications as well as file/folder shields and guards that may be running in the background. Remember to not click the CF window while it is running, as this will cause it to freeze.

ComboFix may reboot your machine, it will also temporarily deactivate your internet connection.

Finally, post the combofix logfile here as an attachment.
 
mail2prabir Commented:
Hi

The problem you narrated is due to a vulnerability caused by a boundary error, which can be triggered via Internet Explorer and Windows Explorer when connecting to a file server. This can be exploited to cause a buffer overflow by setting up a malicious share with an overly long name (about 300 bytes) containing no lower case characters.

Successful exploitation may potentially allow execution of arbitrary code on a user's system but requires that the user is either tricked into connecting to a malicious file server, visit a malicious website, or follow a specially crafted link.

According to a Microsoft knowledge base article (see "Other References" section), the vulnerability should have been fixed in SP1 for Windows XP and SP4 for Windows 2000. However, the vulnerability has been confirmed on fully patched systems running Windows XP SP1 and Windows 2000 SP4.

The vulnerability has also been reported in Windows 95, 98, Me, and NT 4.0. Systems running Windows 2003 are reportedly not affected.

Resolution: It appears that the worm has activated the vulnerability in your system. The problem can be resolved by downloading and installing Service Pack 3 for XP on your system.

If the problem still persists, please let me know.
 
Jerry Paladino Author Commented:
mail2prabir:
Thank you for your suggestion.  I just looked at "Properties" for "My Computer" and it says that Service Pack 3 is installed.  
"Microsoft Windows XP Professional Version 2002 Service Pack 3"
I have to leave for a few hours this afternoon but if you have other suggestions I will work through them this evening.
Thank you again!
Jerry
 
Jerry Paladino Author Commented:
mail2prabir:
I did not use the ComboFix tool.  I ended up having McAfee's virus removal team log onto the machine remotely and fix the problems.  However, after answering multiple questions on EE myself, I do appreciate the time you took to respond and point me to possible answers.  Thank you again for your time.

Jerry
 
juggernaut78 Commented:
I have a buffer overflow issue too while scanning with McAfee, and it shows trojan files (with some ie5 with deleted status, and a winlogon.exe virus which can neither be cleaned nor deleted).
Path: temporary internet files, and continuous buffer overflow.
Hence I'm not able to proceed with Windows Update either, due to a buffer overflow issue resulting in a hexadecimal number error message.
How can I circumvent this issue, since my OS is already on Windows XP, SP3?
Thanks
 
Question has a verified solution.
