Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

AV blocked AOL.exe


  • This topic is locked This topic is locked
2 replies to this topic

#1 bass740

bass740

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:43 PM

Posted 06 February 2014 - 07:15 PM

Never seen this behavior before by this AV, it blocked a 189kb exe file thatas in the AOL folder. Labeled AOL.exe

 

SOme readable text from the program, if anyonne can see a malicious attempts.

 

  SING error
    DOMAIN error
  R6029
- This application cannot run using the active version of the Microsoft .NET Runtime
Please contact the application's support team for more information.
   R6028
- unable to initialize heap
    R6027
- not enough space for lowio initialization
    R6026
- not enough space for stdio initialization
    R6025
- pure virtual function call
   R6024
- not enough space for _onexit/atexit table
    R6019
- unable to open console device
    R6018
- unexpected heap error
    R6017
- unexpected multithread lock error
    R6016
- not enough space for thread data
 
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
   R6009
- not enough space for environment
 R6008
- not enough space for arguments
   R6002
- floating point not loaded
    Microsoft Visual C++ Runtime Library   
 
  Runtime Error!
 
Program:    ... <program name unknown>      ÿÿÿÿ"‹A &‹A     ÿÿÿÿf‹A j‹A Program:    A buffer overrun has been detected which has corrupted the program's
internal state.  The program cannot safely continue execution and must
now be terminated.
 Buffer overrun detected!        A security error of unknown cause has been detected which has
corrupted the program's internal state.  The program cannot safely
continue execution and must now be terminated.
    Unknown security failure detected!  ÿÿÿÿ[ŒA _ŒA     ÿÿÿÿ    …ŽA     KŽA TŽA ÿÿÿÿÚŽA ãŽA     ÿÿÿÿ    YA     •A äA ÿÿÿÿ>’A B’A     ÿÿÿÿ:–A >–A     ÿÿÿÿg–A k–A e+000             ð?   À~PA   €ÿÿGAIsProcessorFeaturePresent   KERNEL32    InitializeCriticalSectionAndSpinCount   ÿÿÿÿwA …A     ÿÿÿÿ§ A « A     ÿÿÿÿ    €¢A                                                                                                                                                                                                                                                                                       ( ( ( ( (                                     H „ „ „ „ „ „ „ „ „ „ ‚ ‚ ‚ ‚ ‚ ‚                                                                                                                                                                                                                                                                                        h ( ( ( (                                     H „ „ „ „ „ „ „ „ „ „ ‚‚‚‚‚‚                                                                    H HH:mm:ss    dddd, MMMM dd, yyyy MM/dd/yy    PM  AM  December    November    October September   August  July    June    April   March   February    January Dec Nov Oct Sep Aug Jul Jun May Apr Mar Feb Jan Saturday    Friday  Thursday    Wednesday   Tuesday Monday  Sunday  Sat Fri Thu Wed Tue Mon Sun ÿÿÿÿ °A ¤°A     ÿÿÿÿ    J´A     ÿÿÿÿ    ëµA         KµA ÿÿÿÿ    †¶A     ÿÿÿÿ    »¹A GetProcessWindowStation GetUserObjectInformationA   GetLastActivePopup  GetActiveWindow MessageBoxA user32.dll      ÿÿÿÿ    TÊA 1#QNAN  1#INF   1#IND   1#SNAN      ÿÿÿÿXÏA \ÏA ÿÿÿÿòÏA öÏA @ œ@
@ ]@ íA íA invalid map/set<T> iterator map/set<T> too long "       
 
    -/  Â@ œ@
@ ]@ ã@ ¼@ -z  -u  -t  -s  -r  -p  -o  -n  -m  -k  -j  -h  -f  -eu -e  -d  -b  -a  -?  -v  -v %s   :\  /oem2   /oem1   /nodskbr    /notlbar    /x  /s  SelectOn    WRAM     Failed HC check.   WHC  Failed SR check.   WSR WVRES   WHRES   CComponent::NeedsWarning()  CComponent::IsAdmin() : User has admin rights   CComponent::IsAdmin() : AllocateAndInitializeSid() FAILED [%d]  CComponent::IsAdmin() : GetTokenInformation() FAILED [%d]   CComponent::IsAdmin() : Failed to allocate memory   CComponent::IsAdmin() : OpenProcessToken() FAILED [%d]  CComponent::IsAdmin() : OpenThreadToken() FAILED [%d]   CComponent::IsAdmin() : Equivalent of admin rights : OS is 9.x  CComponent::QueryInstaller() : CreateProcess FAILED : [%d]   Installer took [%ld] seconds for query CComponent::QueryInstaller() : TIMEOUT   Query cmd line = [%s]  "%s" %s CComponent::NeedsInstall()... %s    NO  YES InstOn  ni  %s:%d   ID  CComponent::NeedsInstall() : Component = [%s] Return = [%d] CComponent::NeedsInstall() : Check DLL ran for [%ld] seconds    NeedsInstall    ChkDLLSrc   CComponent::NeedsInstall()...    Requires [%s] KB of pad space  PadSize  Requires [%s] KB of TEMP space TmpSize  Requires [%s] KB of Alt space  AltSize  Requires [%s] KB of Sys space  SysSize  Failed to query installer for disk space   InstQTimeout    InstSrc InstQParams  Failed IE : Need: [%s] Have: [%.4f]    IE   Allowing install on unknown OS : [%.2f] SP [%d]     Failed OS : Need: [%s] Have: [%.2f] SP [%d]    +   SP  ,   OS   Failed RAM : Need: [%s] Have: [%.0f]   RAM  Failed accessibility helper detected.  Y   1   ACCESSBLOCK  Failed VRes : Need: [%s] Have: [%d]    VRES     Failed HRes : Need: [%s] Have: [%d]    HRES     Failed CPU Speed : Need: [%s] Have: [%d]   CPUSPEED     Failed CPU test    PENTIUM 486 386 CPU  Failed admin rights test   Component supports 64 bit OS     Failed OS architecture test: 64 bit architecture is not supported  N   0   WOW64   kernel32.dll    IsWow64Process  CComponent::IsQualified()    Success    CComponent::Initialize() : [%s] ...     \   Perform white listing for %d apps   Found app to white list: [%s] : [%s]    WLApp_  WLKey_  WLName_ WL  HKEY_USERS  HKEY_LOCAL_MACHINE  HKEY_CURRENT_USER   HKEY_CURRENT_CONFIG HKEY_CLASSES_ROOT   HKEY_   %c:\%s  :   CComponents::ReplaceShellFolderToken() : Failed to get shell folder [%d]     [%s]       CComponents::ReplaceShellFolderToken() : Failed to replace token in [%s]    %WINDOWS%   %SYSTEM%    %PROGRAM_FILES_COMMON%  %PROGRAM_FILES% %LOCAL_APPDATA% %COMMON_DOCUMENTS%  %COMMON_APPDATA%    %APPDATA%   CommonFilesDir  ProgramFilesDir Local AppData   Common Documents    Common Appdata  AppData SOFTWARE\Microsoft\Windows\CurrentVersion   SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders    SHGetFolderPathA    shfolder.dll     DeleteFile failed [%ld]     SetFileAttributes failed [%ld] CComponents::CleanTempFiles(): Delete temp file [%s]      FAILED : [%d]  Dest: [%s]  Src:  [%s] NAME_   FILE_   CComponents::CopyTempFiles()    %s%s%s  CComponents::CatPath() : GetShortPathName() failed! %s\%s   %s%s    %INST%  WLPath_ %MSISRC%    %INIPATH%   InstParams  InstDest    VPCPath VPCName VPPath_ %s%d    VPName_ LogPath CComponents::ProcessMain() : No valid installation directory specified: [%s]    InstDir Main    mid MID Software\America Online\MID GUI DRIVER: ProcessCmdLine(): Cmd line for [%s] = [%s]  DRIVER: ProcessCmdLine(): Segment = [%s]    #    %s DRIVER:  FAILED to write relaunch self to runonce key   DRIVER:  Wrote relaunch self to runonce key AOLInstallLaunch    "%s"    DRIVER: GetModuleFileName() failed! DRIVER:  A reboot is %s     not pending pending DRIVER:  FAILED to write Reboot Pending to runonce key  DRIVER:  Wrote Reboot Pending to runonce key    AOLRebootNeeded regsvr32.exe /S DRIVER:  Created HKLM RunOnce key : %s  DRIVER: CleanUp .lnk    \*.lnk  %s\%s.lnk   RetryDesc   RetryText   DRIVER: Wrote suite app to runonce key : %s AOLID   DRIVER: Created HKCU RunOnce key : %s   FAILED  SUCCESS DRIVER: Failed to open RunOnce key : [%d]   Software\Microsoft\Windows\CurrentVersion\RunOnce   DRIVER:  FAILED to launch suite app [%s] Error: [%d]    triggering windows restart...   SeShutdownPrivilege Attempting to obtain Shutdown Token DRIVER:  Sent WM_MODCOMPLETE: num=%d    DRIVER:  Sent WM_CANCELED   DRIVER:  Bad CWorklist::Process() result!   DRIVER:  User Cancelled DRIVER:  Sent WM_SUCCESS    DRIVER:  Sent WM_MODNUMTOTAL: num=%d    /R  DRIVER:  Sent WM_FAILED DRIVER:  Sent WM_NONE   DRIVER:  Sent WM_NOQUALIFY  DRIVER:  Sent WM_FAILDISKSPACE  -FC -SC Launching GUI thread    %s - Error:%d: %s   Could not GetProcAddress for StartUI    Could Not Load GUI DLL  DRIVER:  WM_SKIPSELECTION received  DRIVER:  WM_WARNINGACCEPTED received    DRIVER:  WM_GUI_RELAUNCH received   DRIVER:  WM_DESTROY received    DRIVER:  WM_CLOSE received  GUI has ended with code: %d DRIVER:  Sent WM_GUIEND er  DRIVER:  Received WM_GUIDONE    DRIVER:  Received WM_REBOOTREQUEST from ProgUpd.dll DRIVER:  Received WM_CANCELING  DRIVER:  Received WM_CONTINUEINSTALLING DRIVER:  Sent WM_MODSTARTING    DRIVER:  Received WM_STARTINSTALLING    DRIVER:  Received WM_GUISTARTED DRIVER: message = %d wParm = %d lParam = %d DRIVER: ... Did not find progress GUI   DRIVER: ... Found progress GUI  AOL Installer   DRIVER: Searching for progress GUI ...  /G  ERROR: Failed to LoadGUIDLL DRIVER: Running in silent mode  /S  DRIVER: No Package ID specified!    InstallerDriver DRIVER: Failed to set System Restore point [%s] [%ld]   DRIVER: Set System Restore point [%s]   %i.%i.%i.%i 1.0 DRIVER: Working directory is: [%s]    Failed : [%d]   Dest: [%s]      Src:  [%s]    DRIVER:  Copy ini ...   %s.ini  -ini    DRIVER: Invalid argument for [%s] [%s]  /WD -inipath    Starting Installer Driver   ERROR: Failed to CreateWindow   DRIVER: Exit Code: %d   DRIVER: Failed to End System Restore point [%s] [%ld]   DRIVER: End System Restore point [%s]   pe  lcp Global\InstDriverSync   /NS äB ÜB StartUI gui.dll rq@ 1p@ %.2d/%.2d/%d %.2d:%.2d:%.2d %s  %s%s-%d%s   Install .log    %s\ ds  ram npr 999 br  os  csd cpu xxx rq@ ßq@
   w   a+  SymGetSymFromAddr   SymGetModuleBase    SymFunctionTableAccess  StackWalk   SymCleanup  SymInitialize   IMAGEHLP.DLL    %hs+%X  s%d %04X:%08X %s    NTDLL.DLL   INVALID_HANDLE  GUARD_PAGE  INVALID_DISPOSITION STACK_OVERFLOW  NONCONTINUABLE_EXCEPTION    ILLEGAL_INSTRUCTION IN_PAGE_ERROR   PRIV_INSTRUCTION    INT_OVERFLOW    INT_DIVIDE_BY_ZERO  FLT_UNDERFLOW   FLT_STACK_CHECK FLT_OVERFLOW    FLT_INVALID_OPERATION   FLT_INEXACT_RESULT  FLT_DIVIDE_BY_ZERO  FLT_DENORMAL_OPERAND    ARRAY_BOUNDS_EXCEEDED   SINGLE_STEP BREAKPOINT  DATATYPE_MISALIGNMENT   ACCESS_VIOLATION    IMAGEHLP.DLL or its exported procs not found    m   lad %02X:%08X   ad  et  ec  %08X    GPF VerSetConditionMask VerifyVersionInfoA  VISTA   XP64    SVR03   XP  2K  NT4 NT3 ME  98SE    98FE    95  %ld:%ld:%ld GetDiskFreeSpaceExA Build   SOFTWARE\Microsoft\Internet Explorer    %d.%d   %d.%d,%s    Tracer Sender Window Created    Trace Sender    TracerSrc   ASSERT FAILED in %s line %d  -->> '%s'  Last Error: %ld-%s  %.19s.%hu %.4s  Trace Monitor   C   list<T> too long       VP [%d] was already created    Missing virtual product values!        SetLocale() returned [%d]      LocaleVer  = [%s]       Locale = [%s]      SetLocale()  VPLocaleVer_    VPLocale_        AddProduct() returned [%d]     Path = [%s]     Disp = [%s]     Ver  = [%s]     Name = [%s]    AddProduct() [%d]:   VPUDisp_    CWorkList::NeedsWarning() : Add component to warn list [%s] CWorkList::NeedsWarning() : Component : [%s]    CWorkList::NeedsWarning()   ForceComponent() : [%s] SkipComponent() : [%s]  AddForceComponent() : [%s]  AddSkipComponent() : [%s]   CWorkList::SetWorkingDir() : ERROR! Bad path value  RC  %d  RCLogPath   ALL SRName  PkgID   RemoveCancelVirtualProduct(): Failed to load ref track API  RemoveCancelVirtualProduct(): Failed to find RemoveSingleProductByName API  RemoveSingleProductByName() returned [%d]   RemoveSingleProductByName   RemoveCancelVirtualProduct() : Using [%s]   RemoveCancelVirtualProduct() : Invalid cancel virtual product values     AddComp() returned [%d]      Version  = [%s]     Product = [%s]     Add reference to [%s] version [%s]:    AddCancelReference(): No Ref track api specified    AddCancelReference(): Failed to load ref track API  AddCancelReference(): Failed to find AddComp API     Invalid cancel virtual product values! AddCancelReference() : Using [%s]   RegisterCancelVirtualProduct(): No Ref track api specified  RegisterCancelVirtualProduct(): Failed to find AddProduct API   RegisterCancelVirtualProduct(): Create virtual product: %s  Failure Succees  AddProduct() returned [%d] RegisterCancelVirtualProduct() : ERROR: Missing cancel virtual product values!    Path = [%s]    Virtual product values:    VPCVer  VPCUDisp    RegisterCancelVirtualProduct() : Using [%s]  [%d] is a valid non zero success code   Non zero success codes [%s] : ProcExit [%d]    NZSuccess   CWorkList::IgnorePendingReboot() : Ignore pending reboot    IgnorePendingReboot CWorkList::DoRefTracking() : End     ERROR LoadLibrary() [%d]    SetUninstDispStr() returned [%d]     Disp  = [%s]   SetUninstDispStr:  AOLUninstStr    SelfRef  SetUninstDispStr API not found!    SetUninstDispStr      Missing virtual product values for VP [%d]       No reference type specified   RefAddUninstPlugin() returned [%d]   Error  = [%s]   Path  = [%s]    Ver  = [%s]     Name = [%s]   PluginError Plugin     Invalid reference type specified: [%s]        AddComp() returned [%d]        CompVer  = [%s]     CompName = [%s]    AddComp()         AddRef() returned [%d]     RefVer  = [%s]      RefName = [%s]     AddRef():      VP %d Name = [%s] Ver = [%s]: R   Type_   VPVer_   Add component [%s] to VP [%s]  Version Product VP   RefAddUninstPlugin API not found!   SetLocaleAndVersion API not found!  AddComp API not found!  AddRef API not found!   AddProduct API not found!  RefAddUninstPlugin  AddComp AddRef  SetLocaleAndVersion AddProduct   Using [%s] CWorkList::DoRefTracking() : Start  VPDLL   ExitCode    Failed to find installer at %s  CWorkList::CheckExes() : Failed to find exe [%s]     SUCCESS : [%s] LaunchParams    FAILED : SUITEDIR is missing    %s_%d   CWorkList::GetSuiteExe() : ...  LaunchApp   %s_1    LaunchPath   This application does not support 64 bit operating systems.     Failed to query installer for disk space requirements.  The minimum required version of Internet Explorer is not installed.     The user does not have administrators rights.   The computer is running an incompatible operating system.   The computer does not have enough RAM. The %s component failed to qualify for the following reasons:   Install from network drive not supported    No component needed to be installed.    No component needed installation.   Missing a required DLL  Missing a required check DLL.   Installation drive is not valid.    Target installation drive is not a fixed disk.  Failed to copy temporary files to the system TEMP directory.    The %c drive needs %.2f KB more free disk space.     Alt     Need: [%.2f] KB Have [%.2f] KB The %c drive needs %.2f more free disk space     TEMP    Need: [%.2f] KB Have [%.2f] KB  The %c drive needs %.2f KB more free disk space.   There is not enough free disk space to perform the installation...   System  Need: [%.2f] KB Have [%.2f] KB CWorkList::Build() : Suite FAILED diskspace check...    Failed to allocate memory. System memory is low.    The INI file is corrupt or not formatted properly.  Failed to find INI file.     CWorkList::Process() : User cancelled installation.     User cancelled installation.    Installation completed.     CWorkList::Process() : Installation completed.  CWorkList::Process() : Install failed: [%d]     Install failed: [%d]    CWorkList::Process() : Launcher returned failure    Installer launch failed: [%d] : ProcExit: [%d]  CWorkList::Process() : Launcher returned failure, but is a No Fail component..continue with install     Installer failed but is a NoFail component: [%d] : ProcExit: [%d]  NoFail  Installer ran for [%ld] seconds Attempt to launch installer: [%s]   Attempt to launch installer:  [%s]  InstFirstUpdPer InstProgTimeout InstTimeout %s %s    CWorkList::Process() : Install failed: Attempted to skip non selectable component [%s]  Install error: [%d]:[%s]   CWorkList::Process() : Skipping component : [%s]    CWorkList::Process()... CWorkList::Build() : FAILED to find ini file [%s]   CWorkList::Build() : FAILED to copy temp files  CWorkList::Build() : FAILED to load


BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,744 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:43 PM

Posted 11 February 2014 - 07:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/523454 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,744 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:43 PM

Posted 16 February 2014 - 07:20 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users