Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.

Dllhost.exe detected an overrun of a stack-based buffer

6K views 12 replies 2 participants last post by  kevinf80 
#1 ·
Hello,

Thanks for taking the time to read this, I'm usually very hesitant to ask for assistance but I can't do this alone. So thank you.

Firstly, as I mentioned in the title, I receive the overrun of a stack-based buffer for the dllhosts.exe error and there have been other telltale signs of some hidden malware/virus on my system.....


Secondly, when I put my desktop PC into sleep mode, it ALWAYS instantly turns back on, won't rest unless I turn it off completely.


Thirdly, I've noticed there's an application called "Melodyne" on my pc that I had downloaded with "Studio One 4" which is a DAW for creating music but when I tried to uninstall it, it would not let me. It tried to run the uninstaller but windows blocks it and won't even give me an option to let the uninstaller run.

There are a few other smaller items like higher CPU usage and network connectivity that I've noticed too but I think you get my point here.

I've run multiple virus scans, online, offline scans, went through all my programs to uninstall anything that was sketchy etc. and I can't figure it out. I'm usually very careful online so not sure what happened here and I feel like whatever this is on my PC, it's a fairly well developed virus.

Thank you for your time.
 
See less See more
#2 ·
Hello JesseJamez55 and welcome to TSG....

Continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

or,

https://downloads.malwarebytes.com/file/mb4_offline

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > "settings" > "security tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:

  • Single click on the target sight above scanner window.
  • In the new window select Report
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:

    Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
    Export toTxt - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Export to Txt" then attach the log to your reply...

Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror

  • Right-click on AdwCleaner.exe and select
    Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...

  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"


  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.

Let me see those logs in your reply...

Thank you,

Kevin....
 
#4 ·
Hello Jesse,

Do not see any obvious Malware or Infection in your FRST logs, continue:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Download "Microsoft's Safety Scanner" and save direct to the desktop

Ensure to get the correct version for your system....

https://docs.microsoft.com/en-us/wi...otection/intelligence/safety-scanner-download

Right click on the Tool, select "Run as Administrator" the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Next,

Scan with Autoruns

Please download Sysinternals Autoruns from the following link: https://live.sysinternals.com/autoruns.exe save it to your desktop.

Note: If using Windows Vista, Windows 7, Windows 8/8.1 or Windows 10 then you also need to do the following:

  • Right-click on Autoruns.exe and select Properties
  • Click on the Compatibility tab
  • Under Privilege Level check the box next to Run this program as an administrator
  • Click on Apply then click OK
  • Double-click Autoruns.exe to run it.
  • Once it starts, please press the Esc key on your keyboard.
  • Now that scanning is stopped, click on the Options button at the top of the program and verify that the following are checked, if they are unchecked, check them:

    Hide empty locations
    Hide Windows entries

  • Click on the Options button at the top of the program and select Scan Options... then in the Autoruns Scan Options dialog enable/check the following two options:

    Verify code signatures
    Check VirusTotal.com

  • Once that's done click the Rescan button at the bottom of the Autoruns Scan Options dialog and this will start the scan again, this time let it finish.
  • When it's finished and says Ready. on the lower left of the program window, please click on the File button at the top of the program and select Save and save the file to your desktop and close Autoruns.
  • Right click on the file on your desktop that you just saved and hover your mouse over Send To and select Compressed (zipped) Folder
  • Attach the ZIP folder you just created to your next reply

Let me see those logs in your reply..

Thank you,

Kevin
 

Attachments

#8 ·
Hiya JesseJamez55,

Thanks for those logs, continue:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/

Let me know if there are any remaining issues or concerns..

Thank you,

Kevin
 

Attachments

#12 ·
Hi Kevin,

Unfortunately, I am still having the same issues as before but now it is saying that Lockapp.exe detected an overrun of a stack-based buffer. I believe I have seen another app or two that is in the same boat but I can't recall exactly which ones they were.

There's something on my PC.


Hope you are doing well,
 
#13 ·
Hello JesseJamez55,

Download Kaspersky Virus Removal Tool (KVRT) from here: https://www.kaspersky.com/downloads/thank-you/free-virus-removal-tool and save to your Desktop.

Select the Windows Key and R Key together, the "Run" box should open.



Drag and Drop KVRT.exe into the Run Box.



C:\Users\{your user name}\DESKTOP\KVRT.exe will now show in the run box.



add -dontcryptsupportinfo Note the space between KVRT.exe and -dontcryptsupportinfo

C:\Users\{your user name}\DESKTOP\KVRT.exe -dontcryptsupportinfo
should now show in the Run box.



That addendum to the run command is very important, when the scan does eventually complete the resultant report is normally encrypted, with the extra command it is saved as a readable file.

Reports are saved here C:\KVRT_data\Reports and look similar to this report_20200727_103821.klr Right click direct onto that report, select > open with > Notepad. Save that file and attach to your reply.

To start the scan select OK in the "Run" box.



The Windows Protected your PC window will open, select "More Info"



A new Window will open, select "Run anyway"



A EULA window will open, tick both confirmation boxes then select "Accept"



In the new window select "Change Parameters"



In the new window ensure all selection boxes are ticked, then select "OK" The scan should now start...



When complete if entries are found there will be options, if "Cure" is offered leave as is. For any other options change to "Delete" then select "Continue"



When complete, or if nothing was found select "Close"



Attach the report information as previously instructed....

Thanks,

Kevin
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top