BO:Stack

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Shred666, Nov 4, 2006.

  1. Shred666

    Shred666 Private E-2

    Hi,

    No idea how I got it in the first place, but I turned on my PC today and found that I couldn't open Internet Explorer, and when I try to open it McAfee VSE detects a virus:

    Virus Type: BO:Stack - Buffer Overflow
    Status: Blocked by buffer overflow protection.
    Location: C:\\...\iexplore.exe::LoadLibraryA

    This also happens with Windows Media Player, but with location as C:\\...\wmp(or whatever it's called).exe::LoadLibraryA

    I uninstalled IE and a warning/message (in a formal-looking grey box) said Remote Procedure Call windows is shutting down in (time). I turned it back on but all I could get was my desktop (no icons, no taskbar, just the desktop colour). I ctrlaltdel'd it and noticed on shutdown it said shutdown and install updates, weird but I did it. It installed 3 updates, I turned the PC back on, the same thing happened and this time it had just 1 update.
    I turned the PC back on again, this time everything loaded OK. I ran AVG, Ad-Aware and Spyware Doctor, which removed quite a lot of stuff, 4 of which were some kind of trojan (which stupidly I didn't note down). However I noticed IE was still installed, clicked to open it, and the same virus popup came up. It might be worth noting that I also tried Firefox, which worked the first time but on the second attempt clicking on the icon appeared to do absolutely nothing... Opera worked fine every time though.

    So, not knowing what to do, I tried a system restore. The first half worked but after the reboot the desktop wasn't opening again, like before but this time there wasn't any "shutdown and install updates" option. Right now it's still like that and it hasn't loaded for about 3 hours, so I'm guessing it's not just being slow... =\


    And now here I am, begging for help. Had I had a straight head at the time I could actually load Windows, I would have installed and run HijackThis, but I didn't. I haven't tried running in safe mode.

    Thanks for reading, I hope someone can help me...

    Shred.
     
  2. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    Welcome to Majorgeeks! We are very shorthanded with Chaslang on vacation, so please be patient.

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
      • Bitdefender
      • Panda Scan
      • HijackThis