McAfee detects buffer overflow in svchost.exe


No replies to this topic

#1 GerryMarkham


Posted 10 September 2009 - 10:28 AM

I am getting this message several times a day on 2 PCs:

===========================================
McAfee has automatically blocked a buffer overflow.
About this Buffer Overflow
File: C:\WINDOWS\System32\svchost.exe
===========================================

However, when I run a complete scan with McAfee Security Center nothing is found.

This occurs on both PCs where McAfee Security Center 9.15 is installed.

I have uploaded C:\WINDOWS\System32\svchost.exe to Virustotal.com and nothing was found.

I had Conficker virus on these machines, but I believe it was successfully removed, as indicated by McAfee and several other virus scanners.

I am not getting any of the usual Conficker symptoms, and scanning my running processes with the University of Bonn Conficker detection tools finds nothing.

I have also run the McAfee Conficker S.t.i.n.g.e.r.exe program, which indicates that svchost.exe is in fact infected, but a scan of my machine using S.t.i.n.g.e.r.exe again finds nothing on any file on my hard drive.

Full scans with other tools such as Windows Defender and Malicious Software Removal Tool also indicate nothing.

Again my PC is showing none of the usual Conficker symptoms. Only McAfee seems to see any sort of problem.

Questions:

1. Is this an infection attacking svchost.exe, or could it be just a legitimate but buggy program running under svchost.exe?

2. Could it be a problem with McAfee's buffer overflow detection?

3. If this is just a buggy program running in svchost.exe, how does one find which application is causing the problem?

4. There is a McAfee file called BufferOverflowProtectionLog.txt that I have heard about but do not see on my own PC. What application is supposed to generate this log?

5. I have tried to install different virus scanners such as AVG but most of them say that previously installed virus scanners (e.g. McAfee) would be problematic. Does that mean I have to uninstall McAfee in order to try other virus scanners?

6. Any help you can provide in finding and removing this problem would be greatly appreciated.

Edited by GerryMarkham, 10 September 2009 - 11:16 AM.

