Author Topic: BO:writable BO:stack (McAfee 8.5 Patch 7)  (Read 38840 times)
futterplop
SCF Newbie
*

KARMA: 1
Posts: 5


« on: 26. November 2008., 15:38:14 »

I am getting this error message on 6 PCs on the network.
BO:writable BO:stack  blocked by buffer overflow

I am using McAfee 8.5 with patch 7 (thanks for that)

I am running Spyware Doctor at the moment; I will get logs for you soon. I just thought you might have an idea what the problem might be. Thank you for the help in advance.

Samker
SCF Administrator
*****

KARMA: 86
Gender: Male
Location: Europe
Posts: 5071


Whatever doesn't kill us makes us stronger.

« Reply #1 on: 26. November 2008., 16:12:44 »

Hi Futterplop,

For this error, try turning off Buffer Overflow Protection (I also turned off this protection ;) ):

VirusScan Console/Buffer Overflow Protection/Uncheck B.O.P.

Hope this will help you; I'll also check your logs later.

Regards,

Samker

futterplop
« Reply #2 on: 26. November 2008., 16:20:45 »

Wouldn't turning off buffer overflow protection be a bad idea? I tried both Kaspersky and BitDefender but they wouldn't run. I did get Panda to run and it looks like it found something. Does Panda still make a log file? I will run HijackThis later. Thank you for your help.

Samker
« Reply #3 on: 26. November 2008., 19:34:11 »

Quote
Wouldn't turning off buffer overflow protection be a bad idea?

I don't think so; as I said earlier, I also turned BOP off and don't have any kind of security problem. ;)

If Panda doesn't provide a log, just copy the text of what it found infected. Of course, the HJT log is very important.

Quote
Thank you for your help

No problem, we are here to help SCF Members.

S.

futterplop
« Reply #4 on: 27. November 2008., 09:27:36 »

Hi Samker,

I tried to turn BOP on one of the PCs and it was all greyed out. Also, I tried to upgrade to patch 7 and it gives me a Windows Installer error. Do you have any ideas about these things? The Panda and HJT logs I am posting are from the PC I have done the most work on. I have run Ad-Aware and Spyware Doctor as well as Trend Micro's HouseCall. Here are the logfiles for HijackThis; the Panda one was pretty useless. Please let me know if you come up with anything useful from this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:21:01, on 27/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\OCS Inventory Agent\ocsservice.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\WDW\KLOG32.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\WDW\wdw32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.ie/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: (no name) - {B1AF8980-B73E-304C-6C3D-26FF6AD421EC} - C:\DOCUME~1\kspain\APPLIC~1\MEALEL~1\Thirddale.exe (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {EA10596F-310B-9121-8E9E-77032DA89682} - C:\DOCUME~1\SFITZP~1\APPLIC~1\MEALEL~1\Thirddale.exe (file missing)
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.google.ie
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192535593093
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192535561984
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://82.146.224.245:85/activex/AxisCamControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = osmosis.local
O17 - HKLM\Software\..\Telephony: DomainName = osmosis.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{226BD6FD-6759-46C1-AA5B-84A227394EE7}: NameServer = 10.185.21.20
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = osmosis.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = osmosis.local
O23 - Service: Acronis Remote Agent (AcronisAgent) - Acronis - C:\Program Files\Common Files\Acronis\Agent\agent.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: OCS INVENTORY SERVICE (OCS INVENTORY) - http://ocsinventory.sourceforge.net - C:\Program Files\OCS Inventory Agent\ocsservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 8490 bytes



Samker
« Reply #5 on: 27. November 2008., 15:01:23 »

Ok Futterplop, I'll check your log and think about this problem.

Please check this topic later for my reply.

Regards,

S.

Samker
« Reply #6 on: 27. November 2008., 18:06:08 »

Hi again Futterplop.

I "see" some things in the HJT logs, but in my opinion it will be better to start with these two things:

1. Upgrade your XP to Service Pack 3: http://scforum.info/index.php/topic,1496.0.html

2. Download and Run McAfee Virtual Technician: http://mvt.mcafee.com/mvt/default.asp


After that, test your McAfee and provide me with new information about the problems.
Of course, don't forget a new HJT log.

Regards,

Samker

c2c2
SCF Newbie
*

KARMA: 0
Posts: 1


« Reply #7 on: 11. February 2009., 18:27:23 »

Very Good

jake2pointzero
SCF Member
**

KARMA: 6
Posts: 53


« Reply #8 on: 27. February 2009., 18:09:15 »

Hi Samker,

I also experienced the BO:writable BO:STACK. We found out the PC was infected with the Conficker worm, which is going around in our network. We tried running the Microsoft Removal Tool and it detected a Conficker worm. What we did was update and patch our operating system with MS008-067,068 and MS009-001 and update our McAfee virus scanner. After that the error was gone.

Samker
« Reply #9 on: 27. February 2009., 20:55:44 »

Quote
Hi Samker,

I also experienced the BO:writable BO:STACK. We found out the PC was infected with the Conficker worm, which is going around in our network. We tried running the Microsoft Removal Tool and it detected a Conficker worm. What we did was update and patch our operating system with MS008-067,068 and MS009-001 and update our McAfee virus scanner. After that the error was gone.


Thank you my friend, your information about resolving this problem is very useful.

Regards,

Samker
