?
Solved

Buffer Overflow Trying to Start Internet Explorer and File Explorer

Posted on 2009-04-26
5
Medium Priority
?
1,134 Views
Last Modified: 2013-12-09
I have a Dell desktop running Microsft XP and McAfee Security Center which has suddenly started blocking a "Buffer Overflow" whenever I try to start Internet Explorer or File Explorer.

I have run the McAfee scans 3 times.  It found something the first time (see first two attached files) and I have also run anti-spyware program SuperAntiSpyware twice.  After all scans came back clean I am still getting the Buffer Overflow (see third attached file).  I made sure both programs were updated with the latest files before I ran the scans.

Any suggestions would be appreciated.

Thanks,
Jerry
McAfee-Security-Center-Screen.jpg
McAfee-Security-Center-Screen--2.jpg
McAfee-Security-Center-Screen--3.jpg
0
Comment
Question by:Jerry Paladino
  • 2
  • 2
5 Comments
 
LVL 5

Expert Comment

by:mail2prabir
ID: 24236761
Hi

The problem your narrated is due to a vulnerability caused by boundary error, which can be triggered via Internet Explorer and Windows Explorer when connecting to a file server. This can be exploited to cause a buffer overflow by setting up a malicious share with an overly long name (about 300 bytes) containing no lower case characters.

Successful exploitation may potentially allow execution of arbitrary code on a user's system but requires that the user is either tricked into connecting to a malicious file server, visit a malicious website, or follow a specially crafted link.

According to a Microsoft knowledge base article (see "Other References" section), the vulnerability should have been fixed in SP1 for Windows XP and SP4 for Windows 2000. However, the vulnerability has been confirmed on fully patched systems running Windows XP SP1 and Windows 2000 SP4.

The vulnerability has also been reported in Windows 95, 98, Me, and NT 4.0. Systems running Windows 2003 are reportedly not affected.

Resolution: it appears that the worm has activated the vunerability in your system. the problem can be resolved by downloading and installing Service Pack 3 for XP on your system.

if problem still persists, please let me know.
0
 
LVL 16

Author Comment

by:Jerry Paladino
ID: 24236859
mail2prabir:
Thank you for your suggestion.  I just looked at "Properties" for "My Computer" and it says that Service Pack 3 is installed.  
"Microsoft Windows XP Professional Version 2002 Service Pack 3"
I have to leave for a few hours this afternoon but if have other suggestions I will work through them this evening.
Thank you again!
Jerry
0
 
LVL 5

Accepted Solution

by:
mail2prabir earned 2000 total points
ID: 24242479
Hi

in order to rule out possibility of malware on your system run ComboFix:
Download it from here to your desktop and - just to make sure - rename it slightly before issuing the download command:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then study the instructions carefully, as this is no easy tool to handle:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
(Note: I f you have a working Windows Install CD, there is no need to install the Recovery Console)

Run ComboFix from your desktop, disable all antivirus applications as well as file/folder shields and guards that may be running in the background. Remember to not click the CF window while it is running, as this will cause it to freeze.

ComboFix may reboot your machine, it will also temporarily deactivate your internet connection.

Finally, post the combofix logfile here as an attachment.
0
 
LVL 16

Author Closing Comment

by:Jerry Paladino
ID: 31574694
mail2prabir:
I did not use the ComboFix tool.  I ended up having McAfee's virus removal team log onto the machine remotely and fix the problems.  However, after answering multiple questions on EE myself, I do appreciate the time you took to respond and point me to possible answers.  Thank you again for your time.

Jerry
0
 

Expert Comment

by:juggernaut78
ID: 24335942
I have a bufferoverflow issue too while scanning with MC Afee and it shows trojan files(with some ie5 with deleted status, and winlogon.exe virus which can neither be cleaned/deleted.
path temporary internet files and continuous buffer overflow.
Hence I'm not able to proceed with windows update also, due to a bufferflow issue resulting in a hexadecimalnumber error message.
How can I circumvent this issue, since my OS is already on Windows XP , SP3?
Thanks
 
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Can I legally transfer my OEM version of Windows to another PC?  (AKA - Can I put a new systemboard in my OEM PC?) Few of us are both IT and legal experts but we all have our own views of Microsoft's licensing rules and how they apply.  There are…
Step by step guide to Clean and Sort your windows registry! Introduction: Always remember: A Clean registry = Better performance = Save your invaluable time In this article we're going to clear our registry manually! Yes, manually! The e…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question