Solved

Buffer Overflow Error in McAfee / General Malware Concern

Posted on 2009-06-28
Last Modified: 2013-12-09
I am taking a look at a laptop that has some significant problems:

1. It was blue screening, however that seems to have died down.

2.  Continually McAfee will pop up a message that says "Buffer Overflow Attempt Blocked" and points to "C:\WINDOWS\system32\services.exe".

3.  Though McAfee is installed and up-to-date, Windows gives the "Your Computer May Be at Risk; AntiVirus Software May Not Be Installed" message.

4.  The laptop cannot connect to wireless networks, it can see them and claims it is connected, but cannot pass data.  I updated the wifi card driver and it worked perfectly, however on reboot it no longer works.  I verified the new driver version stuck.

5.  When connected to a wired connection, Windows Update does not work.

Laptop Specs:
Toshiba Tecra A8
Intel T2300
1 GB RAM
Windows XP Pro SP3

Attached is the ComboFix log.
combofixlog.txt
Question by: Chernesky
6 Comments
 

Expert Comment

by: jfer0x01
ID: 24732331
Hi,

ok

2. Does the McAfee security log point to an IP address as the BO attempt is made? It is unusual that this would occur; check your event log in Windows under Security and verify that the attempt on services.exe was not made with some crazy username you are unfamiliar with, or, even worse, from a foreign IP.

3. You can remove that by modifying "Change the Way Windows Alerts Me" in the Security Settings, found in the top left corner of that screen; change Anti-Virus Alerts to Off.

4. Can you connect to an unsecured wireless network with no encryption? If so, make sure your wireless card supports the encryption protocol you are using on the wireless router.

5. Make sure the following services are started: Automatic Updates, Background Intelligent Transfer, and Windows Update.

Let me know if you have further issues

Jfer
 

Author Comment

by: Chernesky
ID: 24732990
Thanks for the reply.

2.  The McAfee security log does not point to an IP for those buffer overflows, but to ADVAPI32.RegOpenKeyA and WS2_32.socket.

4.  Correct, I have tried on multiple unencrypted wireless networks and though it claims it connects with signal strength "Excellent" I cannot send or receive data.

5. Whenever I try to start or stop a service I get an error message that I need to be logged into an account with Administrative privileges; however, I am in an Administrator account.  Those services are currently stopped.

Accepted Solution

by: jfer0x01 (earned 1500 total points)
ID: 24733028
2. The WS2 is WinSock 2, which is normal operations.

4. OK, so when you connect to the access point, do you connect to, let's say, google.com or to any IP address? Can you get to the router's management screen wirelessly?

If you can, make sure your router has a DNS server IP address, or your machine has a DNS IP address.

5. Are you the admin, or not? If you are and you are getting that kind of message, you probably have a backdoor rootkit installed. How do you know you're admin? If you go to Computer Management under Users, look at your account and your account memberships.

5. The reason the updates fail is because the services are stopped.

Jfer
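The two replies above amount to a triage checklist: update services, Security log, local Administrators membership, and DNS on the link that "connects". The script below runs that checklist in one go. It is an added example, not something either participant posted, and it assumes Windows XP SP3 with Windows PowerShell 2.0 installed, run from a console opened by a member of Administrators. It adds two checks the thread does not mention: a dump of each service's security descriptor, because "need Administrative privileges" while already an administrator is the symptom of a service DACL that has been rewritten, and a hosts-file check, a common way of blocking Windows Update on an otherwise working wired link. The probe hostname www.example.com is an arbitrary choice. One caveat on the expert's service list: on XP the "Automatic Updates" service (short name wuauserv) is the Windows Update client; a separate "Windows Update" display name only appears with Vista.

```powershell
# Triage script for the points raised in the thread above. Added example, not
# posted by either participant. Assumes Windows XP SP3 with Windows PowerShell
# 2.0, run from a console opened by an Administrators member. The probe
# hostname below is an assumed, arbitrary choice.

# --- Expert item 5: update services. Short names behind the display names the
# expert listed: wuauserv = "Automatic Updates" (renamed "Windows Update" in
# Vista), BITS = "Background Intelligent Transfer Service".
Write-Output '== Update services =='
foreach ($name in 'wuauserv', 'BITS') {
    $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
    if ($svc -eq $null) {
        Write-Output "MISSING  $name  (a deleted core service is itself a red flag)"
        continue
    }
    Write-Output ('{0,-8} {1,-8} start={2,-8} {3}' -f $svc.State, $name, $svc.StartMode, $svc.PathName)
    # "Need Administrative privileges" while already admin is what a rewritten
    # service DACL looks like. sc.exe prints it as SDDL: expect (A;;...;;;BA)
    # and (A;;...;;;SY) grants; a (D;;...) entry or a missing BA/SY grant is the
    # tampering to look for. (sc alone is a PowerShell alias, hence sc.exe.)
    $sddl = (& sc.exe sdshow $name | Where-Object { $_ -match '^[DOGS]:' }) -join ''
    Write-Output "   DACL: $sddl"
    if ($svc.State -ne 'Running') {
        try   { Start-Service $name -ErrorAction Stop; Write-Output "   started $name" }
        catch { Write-Output "   start failed: $($_.Exception.Message)" }
    }
}

# --- Author item 3: what Security Center has on record for the AV. The WMI
# namespace root\SecurityCenter exists on XP SP2/SP3; the "may be at risk"
# balloon means nothing registered there claims up-to-date on-access scanning.
Write-Output '== Security Center AV registration =='
$av = Get-WmiObject -Namespace 'root\SecurityCenter' -Class AntiVirusProduct
if ($av -eq $null) {
    Write-Output 'no product registered with Security Center (this is why the balloon appears)'
} else {
    $av | ForEach-Object { Write-Output ('{0}  upToDate={1}  onAccess={2}' -f $_.displayName, $_.productUptoDate, $_.onAccessScanningEnabled) }
}

# --- Expert item 2: failed logons in the Security log. Pre-Vista IDs: 529-537
# are logon failures (529 = bad user name or password), 539 = locked out. The
# message body carries the user name and source workstation the expert wants
# checked. An empty log means auditing is off (secpol.msc > Local Policies >
# Audit Policy), not that nothing happened.
Write-Output '== Security log: logon failures in the newest 500 entries =='
$failIds = @(529..537) + 539
$fails = Get-EventLog -LogName Security -Newest 500 | Where-Object { $failIds -contains $_.EventID }
if (-not $fails) { Write-Output 'none' }
foreach ($e in $fails) {
    $who = ($e.Message -split "`r?`n" | Where-Object { $_ -match 'User Name|Workstation|Source Network' }) -join ' '
    Write-Output ('{0} id={1} {2}' -f $e.TimeGenerated, $e.EventID, $who.Trim())
}

# --- Accepted solution item 5: Computer Management > Users membership, from the
# command line. XP has no UAC, so a member of Administrators carries the group
# in its token; True here plus "access denied" on service control points at the
# services (their DACLs), not at the account.
Write-Output '== Administrator check =='
$id      = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin = (New-Object Security.Principal.WindowsPrincipal($id)).IsInRole(
               [Security.Principal.WindowsBuiltInRole]::Administrator)
Write-Output ('{0}  Administrators in token: {1}' -f $id.Name, $isAdmin)
Write-Output 'Members of local Administrators:'
& net.exe localgroup Administrators |
    Where-Object { $_ -and $_ -notmatch '^(Alias name|Comment|Members|-+|The command completed)' } |
    ForEach-Object { Write-Output "   $_" }

# --- Accepted solution item 4: is there a DNS server, and does it answer?
# "Connected, Excellent signal, no data" with a reachable gateway but a dead or
# missing DNS server is the split the expert is asking about. A DNS server that
# drops ICMP will show False on ping yet still resolve the probe name below.
Write-Output '== IP configuration and name resolution =='
foreach ($c in Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=True') {
    Write-Output $c.Description
    Write-Output ('   IP={0}  GW={1}  DNS={2}' -f ($c.IPAddress -join ','), ($c.DefaultIPGateway -join ','), ($c.DNSServerSearchOrder -join ','))
    foreach ($gw in @($c.DefaultIPGateway)) {
        if ($gw) { Write-Output ('   gateway {0} answers ping: {1}' -f $gw, (Test-Connection $gw -Count 1 -Quiet)) }
    }
    foreach ($dns in @($c.DNSServerSearchOrder)) {
        if ($dns) { Write-Output ('   DNS server {0} answers ping: {1}' -f $dns, (Test-Connection $dns -Count 1 -Quiet)) }
    }
}
$probe = 'www.example.com'   # assumed probe name; any name the router's DNS should resolve will do
try   { Write-Output ("$probe -> " + (([System.Net.Dns]::GetHostAddresses($probe) | ForEach-Object { $_.IPAddressToString }) -join ',')) }
catch { Write-Output "DNS lookup of $probe failed: $($_.Exception.Message)" }

# --- Added check the thread does not mention: malware that blocks Windows
# Update on a working wired link often does it with hosts-file entries for
# update and AV domains. Anything beyond comments and the localhost line
# deserves a look.
Write-Output '== Non-default hosts entries =='
Get-Content "$env:SystemRoot\System32\drivers\etc\hosts" |
    Where-Object { $_ -notmatch '^\s*(#|$)' -and $_ -notmatch '^\s*127\.0\.0\.1\s+localhost\s*$' }
```

Read the output top down: a DACL missing its BA grant, or a Start-Service failure while the account is confirmed in Administrators, is the same signal the expert read as a rootkit, and a pingable gateway with an empty or unreachable DNS list separates the wireless problem from the malware problem. Nothing here modifies the machine beyond attempting to start the two services, so it is also reasonable to run, and keep the output of, before the reimage the author settled on.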
 

Author Comment

by: Chernesky
ID: 24733108
4.  Right now I have hardware diagnostic scans running, so I'll take a look at the DNS situation tomorrow.

5.  There are two user accounts set up that in the Control Panel > Users display as Computer Administrator.  I will look at the Computer Management user list tomorrow as well.

Expert Comment

by: jfer0x01
ID: 24737363
Any advancements?
 

Author Comment

by: Chernesky
ID: 24739128
Both accounts were in the Administrators group.  Enough of the problems with the computer alarm me that I am going to reformat it.  I definitely appreciate the help.