Inactive System Settings overrun of a stack based buffer error

yoshi8929

Thread Starter
Joined
Oct 6, 2021
Messages
11
IF you could help me I would very much appreciate it. I cannot access privacy settings and when I do try to I get the following pop up: systemsettings.exe error: This system detected an overrun of a stack based buffer in the application. This overrun could potentially allow a malicious user to gain control of the application.

I did the scannow command but that didnt work. Is there anything that can be tried before reinstalling windows? Also, for some reason my computer says it doesn't have TPM enabled and I also cannot add a new user in the account settings. Any help would be appreciated.
 
Joined
Sep 21, 2007
Messages
14,918
What security application are you using? The systemsettings.exe error doesn't sound like what Windows would say, too technical for MS's style.

When you say the scannow 'didn't work', did it give an error or did it finish normally but didn't find any problems?
 
Last edited:

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
121,952
Please advise what operating system you are running so we can move this to the right forum.
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,388
I believe that in this case the first thing you have to do is check your computer for malware. In order to do that, please read here and post the appropriate logs in the appropriate Forum.
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
121,952
Rather than starting a new thread please post any logs here and the thread will then be moved appropriately. :)
 

yoshi8929

Thread Starter
Joined
Oct 6, 2021
Messages
11
thank you and sorry for the delay . I am still having the same issue and cannot get into privacy settings and still get the same error message. Here are the scan results:
 

Attachments

yoshi8929

Thread Starter
Joined
Oct 6, 2021
Messages
11
I reran the above as I didn't run it as administrator so I am reattaching the files because I don't know if that is important or not but just in case here are the new files. Thank you.
 

Attachments

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,627
Hello yoshi8929,

Did you knowingly install the following program:

Outbyte

Thank you,

Keevin.
 

yoshi8929

Thread Starter
Joined
Oct 6, 2021
Messages
11
I might have done that trying to figure out what was wrong w/it. But I thought I removed it. and when I go to add or remove programs it is no longer there. Can you tell if it is still on my computer w those scan results and if so how do I get rid of it? thanks
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,627
Hello yoshi8929,

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.



The system will be rebooted after the fix has run.

Next,

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 4 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts.

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > small cog wheel top right hand corner, that will open "settings" from there select "Security" tab.

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Close out the settings window, this will take you back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes use the instructions in the following link:

https://support.malwarebytes.com/hc...ports-and-History-in-Malwarebytes-for-Windows

Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror

  • Right-click on AdwCleaner.exe and select
    Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

Next,

Download "Microsoft's Safety Scanner" and save direct to the desktop

Ensure to get the correct version for your system....

https://docs.microsoft.com/en-us/wi...otection/intelligence/safety-scanner-download


Right click on the Tool, select Run as Administrator the tool will expand to the options Window
In the "Scan Type" window, select Full Scan
Perform a scan and Click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\msert.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....
 

Attachments

yoshi8929

Thread Starter
Joined
Oct 6, 2021
Messages
11
When I ran the ADW cleaner it didn't restart my PC after it was completed,so I 'm not sure if that is important or not. Also, after I ran the FRST 64 file and it rebooted and I opened chrome up, it said chrome had crashed and then at the top was this: chrome://new-tab-page-third-party Not sure if that is relevant or not but I have never seen that before and could it mean the computer isn't shutting down properly ?
Here is the copy and pasted file:
No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Restoro Key
Deleted HKLM\Software\Classes\CLSID\{AE198C69-7358-4856-9029-F4C0FAD524C1}
Deleted HKLM\Software\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted HKLM\Software\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted HKLM\Software\Classes\TypeLib\{C661BE9A-11D8-47DD-A980-6494B09F3AF3}
Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\services\RestoroActiveProtection
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Restoro
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{C661BE9A-11D8-47DD-A980-6494B09F3AF3}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2454 octets] - [07/11/2021 12:35:53]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

yoshi8929

Thread Starter
Joined
Oct 6, 2021
Messages
11
I havent attached the microsoft safety scanner results as its been running for over half hour and it doesnt even seem to be even close to finishing. it looks like its not even at 5%. Is that about right? and it says its scanning at currently over a million files?
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,627
Yes a full scan can take several hours, well worth running... I will also need to see the Fixlog from FRST, also the fix will have created a zip file to your Desktop, please attach that to your reply...
 

yoshi8929

Thread Starter
Joined
Oct 6, 2021
Messages
11
The microsoft safety scanner finished and said nothing was found and there was no log generated however, when it was running, it said 21 infected files so I dont know why it didn't show it at the end. I dont see any new file on the desktop but I do have a fix file in downloads so I'll attach that. Also , I still cannot access privacy settings. (still says system detected overrun of stack based buffer in this application)
 

Attachments

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,627
Hiya yoshi8929,

Regarding Microsoft Safety Scanner:

To answer your question, you need to fully understand how the Microsoft security apps actually operate, since that's part of why this sort of situation can be confusing to those who don't.
The "Files Infected" count displayed on the Microsoft Safety Scanner, scan in progress screen or any of their other security products for that matter, is actually just a preliminary status indication that there are items which may contain malware. In many cases these specific items have been found in the past to be related to malware, but they are all really just small fragments that have matched signatures, but aren't yet truly confirmed as the specific malware that might include them.
Near the end of the scanning process around 95% complete, the Microsoft scanners all perform a MAPS (Microsoft Active Protection Service) request via internet to the the Microsoft cloud servers in order to upload their initial findings and request confirmation that these findings are either truly malware or instead possible false positive detections or incomplete fragments of inactive malware.
Though the entire process isn't displayed, the clues to this are the following 2 lines in the findings

No infection found

Successfully Submitted MAPS Report


So what actually happened is that the scanner found possible malware fragments, communicated with the MAPS servers and confirmed there weren't any active malware that it can identify running and completed its operation by reporting these final results as well as uploading its reporting to MAPS as a record.
This final step is important, since as I stated above "there weren't any active malware that it can identify running" on your device, but that doesn't necessarily mean there might not be something that Microsoft's Security Intelligence has yet to determine is a new form of malware. What this report does is allows Microsoft to collate this information within the automated MAPS cloud system and look for such possible new malware patterns, along with those from the millions of other Windows Defender and other scanners operating in real time on many systems.
So there's nothing truly wrong with what the Safety Scanner found and likely no true malware, since this activity is fairly common, but the operation of all of these Microsoft scanners is really far more complex and deep than most people understand.

Can you set your system to run in "Clean Boot" see if you can access privacy settings in that mode...

Set windows up for "Clean Boot" mode, full instructions here: https://support.microsoft.com/en-gb/kb/929135

Let me know if that helps...

Thank you,

Kevin
 

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top