Chernesky

Buffer Overflow Error in McAfee / General Malware Concern

I am taking a look at a laptop that has some significant problems:

1. It was blue screening; however, that seems to have died down.

2. Continually McAfee will pop up a message that says "Buffer Overflow Attempt Blocked" and points to "C:\WINDOWS\system32\services.exe".

3. Though McAfee is installed and up-to-date, Windows gives the "Your Computer May Be at Risk; AntiVirus Software May Not Be Installed" message.

4. The laptop cannot connect to wireless networks; it can see them and claims it is connected, but cannot pass data. I updated the wifi card driver and it worked perfectly; however, on reboot it no longer works. I verified the new driver version stuck.

5. When connected to a wired connection, Windows Update does not work.

Laptop Specs:
Toshiba Tecra A8
Intel T2300
1 GB RAM
Windows XP Pro SP3

Attached is the ComboFix log.
combofixlog.txt
jfer0x01

Hi,

ok

2. Does the McAfee Security Log point to an IP address as the BO attempt is made? It is unusual that this would occur. Check your event log in Windows under Security and verify that the attempt on the services.exe was not made with some crazy username you are unfamiliar with, or even worse, a foreign IP.

3. You can remove that by modifying the "Change the Way Windows Alerts Me" in the Security Settings, found in the top left corner of that screen; change Anti-Virus Alerts to Off.

4. Can you connect to an unsecured network wirelessly with no encryption? If so, make sure your wireless card supports the encryption protocol you are using in the wireless router.

5. Make sure the following services are started: Automatic Updates, Background Intelligent Transfer and Windows Update.

Let me know if you have further issues.

Jfer
Chernesky

ASKER

Thanks for the reply.

2. McAfee Security log does not point to an IP for those buffer overflows, but to ADVAPI32.RegOpenKeyA and WS2_32.socket.

4.  Correct, I have tried on multiple unencrypted wireless networks and though it claims it connects with signal strength "Excellent" I cannot send or receive data.

5. Whenever I try to start or stop a service I get an error message that I need to be logged into an account with Administrative privileges, however I am in an Administrator account.  Those services are currently stopped.
ASKER CERTIFIED SOLUTION
jfer0x01
This solution is only available to members.
4.  Right now I have hardware diagnostic scans running, so I'll take a look at the DNS situation tomorrow.

5. There are two user accounts set up that in the Control Panel > Users display as Computer Administrator. I will look at the Computer Management user list tomorrow as well.

Any advancements?

Both accounts were in the Administrators group.  Enough of the problems with the computer alarm me enough that I am going to reformat it.  I definitely appreciate the help.