Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Explorer.exe buffer overflow.


  • Please log in to reply

#1
CBMatt

CBMatt

    Member

  • Member
  • PipPip
  • 87 posts
I've been getting a lot of buffer overflow warning messages from McAfee SecurityCenter lately, all stating that explorer.exe is trying to use up more memory than is intended.

McAfee has automatically blocked a buffer overflow.

Details
Detection:
File: C:\WINDOWS\Explorer.EXE

More Info
Buffer overflows occur when suspect programs or processes try to store more data in a buffer (temporary data storage area) on your computer than its limit, corrupting or overwriting valid data in adjacent buffers.

If you do not recognize this activity, McAfee recommends that you continue to block it. If you recognize this activity, trust it in the future.


A search leads me to results saying it could either be an infection or a memory problem. I've tested my memory and everything looks fine. I run virus scans on a very regular basis, so I doubt that's it. I've researched a few related worms and trojans, and I don't seem to have anything. All of my virus scans are clean, and HijackThis shows nothing out of the ordinary. I'm thinking maybe I'm somehow overloading Windows Explorer (not Internet Explorer). Would that make sense?

It seems to be happening a lot since downloading a bunch of large videos at my friend's house (using my sister's laptop, which I maintain and clean on a regular basis). The videos are legit and come from a popular site and nobody else seems to have any problems with them. But when running a few of the videos, I get the buffer overflow warning. Then once that happens, Explorer starts acting up. If I open a folder containing some of the videos, I can't rename or move them because they're being used by Windows Explorer, even if I haven't actually opened the videos. I have to close the handles with Process Explorer to do anything.

Also, certain folders stop responding after the warning, even folders that don't hold any videos. If I end/restart Explorer, it will stop for awhile, but it eventually happens again. It doesn't completely stop until I restart my computer. However, once I start watching the videos again, my problems return. So far, it seems to primarily be tied to these videos. Not only these specific videos, though.

Other videos downloaded from other sites that same night also cause the warning. And I even get it from opening a folder containing old videos that never caused a problem before. It seems that it happens whenever a folder contains at least one video over 100 MB in size. I'm wondering if I should try uninstalling some of the most recent hotfixes. Not really sure if they might be related or not, though.

I really don't think these videos are infected, as they come from a trusted source, and I've scanned them with several programs. Are they simply demanding too much from Windows Explorer? Each video is about 180 MB. That's never been a problem before, though. What do you guys think about this? I'm tempted to allow the buffer overflow, but that seems potentially dangerous.

My McAfee SecurityCenter is expiring very soon and I don't have the money to renew my subscription right now, so I'm concerned that I won't be able to block these buffer overflows anymore. Any help would be greatly appreciated.

Programs I've scanned with (in Safe Mode) include: McAfee SecurityCenter, AVG Anti-Virus, AVG Anti-Spyware, SUPERAntiSpyware, Spybot - Search & Destroy, Ad-Aware, Blacklight.

My system specs are...
Posted Image

And these are my installed SecurityCenter programs...
SecurityCenter
Version: 7.2
Build: 7.2.147
Language: en-us
Last Update: 3/22/2007

VirusScan
Version: 11.2
Build: 11.2.124
Language: en-us
Last Update: 6/23/2007
DAT Version: 5059.0000
DAT Creation Date: 6/22/2007
Engine Version: 5100.0194

Personal Firewall
Version: 8.2
Build: 8.2.122
Language: en-us
Last Update: 6/21/2007

SiteAdvisor
Version: 2.4
Build: 2.4.6066
Language: en-us
Last Update: 4/14/2007

SpamKiller
Version: 8.2
Build: 8.2.137
Language: en-us
Last Update: 6/23/2007
Content Version: 590.0.154.154

Privacy Service
Version: 9.2
Build: 9.2.134
Language: en-us
Last Update: 5/8/2007
  • 0

Advertisements


#2
starjax

starjax

    Global Moderator

  • Global Moderator
  • 6,591 posts
I would seriously consider uninstall McAffee and going with AVast or AVG. I fully believe your issue to be related to Mcaffee and not to anything else on your system.
  • 0

#3
CBMatt

CBMatt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
I've been a user of AVG for a few months now and I intend on using it as my primary active scanner once the subscription runs out. I've had McAfee on this computer since I got it in December '06 and I don't know why this would suddenly start happening half a year later. My activities haven't changed and nothing significant has been changed on my computer that I'm aware of. I plan on uninstalling McAfee soon because it will be useless anyway, but how will I know if this changes my problem? Withough McAfee blocking the buffer overflow anymore, I won't know if this is still happening. I'll be switching to Comodo as my firewall, but I don't think it (or any of the other free firewalls) blocks buffer overflows. Information on this is tough to find, so any further advice would be appreciated. My problems go unnoticed over at the McAfee forums.

Edited by CBMatt, 26 June 2007 - 12:36 PM.

  • 0

#4
starjax

starjax

    Global Moderator

  • Global Moderator
  • 6,591 posts
1)I suggest you go to the Malware Forum and run all the steps located in the START HERE. These self-help tools will help you clean up 70% of problems on your own. If you are still having problems after doing the steps, then please post a HiJackThis Log in THAT forum. If you are unable to run and/or post a HJT log, then post that in your initial post in the topic you create in that forum.

If you are still having problems after being given a clean bill of health from the malware expert, then please return to THIS thread and we will pursue other options to help you solve your current problem(s).

2)a recent security update from microsoft is known to cause this issue. Please make sure you have installed all of the critical updates for your system. It may be related to this: http://support.microsoft.com/kb/935448
  • 0

#5
CBMatt

CBMatt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
I'm not a malware expert, but I'm pretty sure this isn't related to an infection; all of my scans came back clean and my HijackThis log has only legitimate entries that I'm familiar with.

With that said...I visited the link you provided and I downloaded the update (along with three others). This didn't solve my problem, but I did notice a big difference. Someone suggested getting newer codecs, so I downloaded an AVI Codec Pack. Since doing the aforementioned, I haven't received any warning messages, even after watching several of the videos.

I can't be 100% sure, but it looks like my problem might be resolved. I'm going to give it a few days and if everything continues problem-free, then I'll go ahead and uninstall McAfee. Thanks for your assistance here, starjax.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP