Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

buffer overflow caused by SVchost.exe


  • This topic is locked This topic is locked
2 replies to this topic

#1 knifeman

knifeman

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:29 AM

Posted 07 December 2008 - 02:18 PM

Using Windows XP Home edition, version 2002, service pack 3

When I boot up the computer, I get the warning message that a Buffer Overflow was caused by windows/system/svchost.exe

This will usually come up in the McAfee info window several times.

I then ran McAfee virus scan, and it detected and removed:

Cutwail.gen.a (trojan)
FakeAlert-AX (trojan)
FakeAlert-AG-gen.b (trojan)
Cutwail!rootkit (trojan)

Also, Internet Explorer Version 6.0.2900.5512.xpsp_sp3_gdr.080814-1236 began to shut down with the warning that add-on deSrcAs.dll (mywaysearchassistant) was causing the problem.

I rebooted computer, was able to get into Internet Explorer, and disable that add-on.

Problem is this:

When I start the computer, it still gives me the buffer overflow warnings, and McAfee again runs a scan and detects the same problems as it did before. It quarantines and removes, but nothing changes.

Can someone please help me with this problem?

Thanks
Walt

BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:29 AM

Posted 07 December 2008 - 05:00 PM

Hello! :thumbsup:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I may ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download random's system information tool (RSIT) and save it to your desktop.
  • Double click on RSIT.exe to run it.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:29 AM

Posted 26 December 2008 - 11:00 AM

As there has been no response, this thread will now be closed.

If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users