×
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
shumandu
Contributor
Message 1 of 2

Buffer Overflow With VER13

Since the last update of McAfee I have received Buffer Overflow Blocked; C:\Windows\Explorer.exe, warnings. I can just let the system idle and after a few minutes the message appears. Or if I open Outlook Express before the message appears I get the same warning with C:\Program Files\Outlook Express\msimn.exe as the location. The messages appear only once in a session. Since this began I have also noticed strange things happening with my Start Menu and Task Bar. The quick Launch will rearrange or hide itself, start items will not respond to clicks. All my hardware has been tested and is functional. I have ran no less than four separate spyware/malware programs. I have a McAfee subscription through Verizon the subscription seems to auto renew and download each month. After the last renewal the problems began, I removed and re-installed the program at that time with no change.

versions are:
Virus 13.0.232
Firewall 10.0.209
Security 9.0.295

Microsoft Windows XP
Home Edition Service Pack 2

CPU Type AMD Athlon 64, 2200 MHz
(11 x 200) 3400+
Motherboard Name Gigabyte GA-K8N Pro AGP, 3 DDR
Motherboard Chipset nVIDIA nForce3 150, AMD Hammer
System Memory 2048 MB (PC3200 DDR SDRAM)
BIOS Type Award Modular (01/16/04)
DirectX 4.09.00.0904 (DirectX 9.0c)
JAVA 6.11
1 Reply
shumandu
Contributor
Message 2 of 2

Problem found

After trying several well known spyware apps I used a recommended app called Malwarebytes found here: http://www.malwarebytes.org/ it found an obscure Trojan removed it and all is well. Here is Trojan info:

Malwarebytes' Anti-Malware 1.31
Database version: 1571

12/29/2008 5:55:22 PM
mbam-log-2008-12-29 (17-55-22).txt

Scan type: Full Scan (C:\|)
Objects scanned: 146028
Time elapsed: 44 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nwajumuqobo (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fwahetaco (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Wpiyewateb.dll (Trojan.Agent) -> Delete on reboot.
How Many Badges Can You Collect?
Ready for a little competition? Members like you are earning badges and unlocking perks for their helpful answers. Are you? Click here to find out.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community