System Settings overrun of a stack based buffer error

#1 ·
If you could help me I would very much appreciate it. I cannot access privacy settings and when I do try to I get the following pop up: systemsettings.exe error: This system detected an overrun of a stack based buffer in the application. This overrun could potentially allow a malicious user to gain control of the application.

I did the scannow command but that didn't work. Is there anything that can be tried before reinstalling windows? Also, for some reason my computer says it doesn't have TPM enabled and I also cannot add a new user in the account settings. Any help would be appreciated.
 
#9 ·
I might have done that trying to figure out what was wrong w/it. But I thought I removed it, and when I go to add or remove programs it is no longer there. Can you tell if it is still on my computer w those scan results and if so how do I get rid of it? Thanks
 
#10 ·
Hello yoshi8929,

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.



The system will be rebooted after the fix has run.

Next,

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 4 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts.

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > small cog wheel top right hand corner, that will open "settings" from there select "Security" tab.

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Close out the settings window, this will take you back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes use the instructions in the following link:

https://support.malwarebytes.com/hc...ports-and-History-in-Malwarebytes-for-Windows

Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror

  • Right-click on AdwCleaner.exe and select
    Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

Next,

Download "Microsoft's Safety Scanner" and save direct to the desktop

Ensure to get the correct version for your system....

https://docs.microsoft.com/en-us/wi...otection/intelligence/safety-scanner-download

Right click on the Tool and select Run as Administrator; the tool will expand to the options Window
In the "Scan Type" window, select Full Scan
Perform a scan and Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\msert.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....
 


#11 ·
When I ran the ADW cleaner it didn't restart my PC after it was completed, so I'm not sure if that is important or not. Also, after I ran the FRST 64 file and it rebooted and I opened chrome up, it said chrome had crashed and then at the top was this: chrome://new-tab-page-third-party Not sure if that is relevant or not but I have never seen that before and could it mean the computer isn't shutting down properly?
Here is the copy and pasted file:
No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Restoro Key
Deleted HKLM\Software\Classes\CLSID\{AE198C69-7358-4856-9029-F4C0FAD524C1}
Deleted HKLM\Software\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted HKLM\Software\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted HKLM\Software\Classes\TypeLib\{C661BE9A-11D8-47DD-A980-6494B09F3AF3}
Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\services\RestoroActiveProtection
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Restoro
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{C661BE9A-11D8-47DD-A980-6494B09F3AF3}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2454 octets] - [07/11/2021 12:35:53]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 
#12 ·
I haven't attached the Microsoft Safety Scanner results as it's been running for over half an hour and it doesn't seem to be even close to finishing. It looks like it's not even at 5%. Is that about right? And it says it's currently scanning over a million files?
 
#14 ·
The Microsoft Safety Scanner finished and said nothing was found and there was no log generated. However, when it was running, it said 21 infected files so I don't know why it didn't show it at the end. I don't see any new file on the desktop but I do have a fix file in downloads so I'll attach that. Also, I still cannot access privacy settings. (still says system detected overrun of stack based buffer in this application)
 


#15 ·
Hiya yoshi8929,

Regarding Microsoft Safety Scanner:

To answer your question, you need to fully understand how the Microsoft security apps actually operate, since that's part of why this sort of situation can be confusing to those who don't.
The "Files Infected" count displayed on the Microsoft Safety Scanner, scan in progress screen or any of their other security products for that matter, is actually just a preliminary status indication that there are items which may contain malware. In many cases these specific items have been found in the past to be related to malware, but they are all really just small fragments that have matched signatures, but aren't yet truly confirmed as the specific malware that might include them.
Near the end of the scanning process around 95% complete, the Microsoft scanners all perform a MAPS (Microsoft Active Protection Service) request via internet to the Microsoft cloud servers in order to upload their initial findings and request confirmation that these findings are either truly malware or instead possible false positive detections or incomplete fragments of inactive malware.
Though the entire process isn't displayed, the clues to this are the following 2 lines in the findings

No infection found

Successfully Submitted MAPS Report


So what actually happened is that the scanner found possible malware fragments, communicated with the MAPS servers and confirmed there weren't any active malware that it can identify running and completed its operation by reporting these final results as well as uploading its reporting to MAPS as a record.
This final step is important, since as I stated above "there weren't any active malware that it can identify running" on your device, but that doesn't necessarily mean there might not be something that Microsoft's Security Intelligence has yet to determine is a new form of malware. What this report does is allow Microsoft to collate this information within the automated MAPS cloud system and look for such possible new malware patterns, along with those from the millions of other Windows Defender and other scanners operating in real time on many systems.
So there's nothing truly wrong with what the Safety Scanner found and likely no true malware, since this activity is fairly common, but the operation of all of these Microsoft scanners is really far more complex and deep than most people understand.

Can you set your system to run in "Clean Boot" see if you can access privacy settings in that mode...

Set windows up for "Clean Boot" mode, full instructions here: https://support.microsoft.com/en-gb/kb/929135

Let me know if that helps...

Thank you,

Kevin
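Post #10 asks for only the most recent run in msert.log, and post #15 explains that the final result lines, not the in-progress "Files Infected" counter, are the verdict. The PowerShell below is an added example, not part of any post in this thread, that pulls out exactly that; the log layout is assumed from the constructed sample, and `Get-LatestMsertRun` is a hypothetical helper name.

```powershell
# Added example. Assumed layout: each run begins with "Started On <date>" and
# ends with "Return code:", with the verdict lines under "Results Summary:".
$Path = 'C:\Windows\debug\msert.log'
# Constructed sample (not from the thread); used only if $Path cannot be read.
$sample = @'
Started On Sat Nov  6 09:12:41 2021
Results Summary:
----------------
No infection found.
Successfully Submitted MAPS Report
Microsoft Safety Scanner Finished On Sat Nov  6 09:58:03 2021
Return code: 0 (0x0)
Started On Thu Nov 11 13:02:10 2021
Results Summary:
----------------
No infection found.
Successfully Submitted MAPS Report
Microsoft Safety Scanner Finished On Thu Nov 11 15:47:55 2021
Return code: 0 (0x0)
'@
function Get-LatestMsertRun {   # hypothetical helper name
    param([string[]]$Lines)
    $runs = @(); $run = $null; $inSummary = $false
    foreach ($line in $Lines) {
        if ($line -match '^Started On \w{3} (\w{3})\s+(\d{1,2}) (\d{2}:\d{2}:\d{2}) (\d{4})') {
            # Drop the weekday and the padded day so ParseExact sees one fixed format.
            $stamp = '{0} {1} {2} {3}' -f $Matches[1], $Matches[2], $Matches[3], $Matches[4]
            $run = [pscustomobject]@{
                Started    = [datetime]::ParseExact($stamp, 'MMM d HH:mm:ss yyyy', [cultureinfo]::InvariantCulture)
                Summary    = @()
                ReturnCode = $null
            }
            $runs += $run; $inSummary = $false
        } elseif ($null -eq $run) { continue      # text before the first run
        } elseif ($line -match '^Results Summary:') { $inSummary = $true
        } elseif ($line -match '^Return code:\s*(.+)$') {
            $run.ReturnCode = $Matches[1].Trim(); $inSummary = $false
        } elseif ($inSummary -and $line -notmatch '^[\s-]*$') {
            $run.Summary += $line.Trim()          # keep verdict lines, skip rules and blanks
        }
    }
    $runs | Sort-Object Started | Select-Object -Last 1
}
$lines = if (Test-Path -LiteralPath $Path) { Get-Content -LiteralPath $Path } else { $sample -split "`r?`n" }
$latest = Get-LatestMsertRun -Lines $lines
if ($latest) {
    'Most recent run: {0:yyyy-MM-dd HH:mm:ss} (return code {1})' -f $latest.Started, $latest.ReturnCode
    $latest.Summary
} else { 'No Safety Scanner runs found in the log.' }
```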
 
#18 ·
Please download VEW by Vino Rosso from HERE and save it to your Desktop.

  • Double-click VEW.exe to start. Vista and Windows 7/8/10 users: right-click and select "Run as Administrator"
  • Under 'Select log to query...', check the boxes for both Application and System.
  • Under 'Select type to list...', select both Error and Critical.
  • Click the radio button for 'Number of events...' and type 15 in the 1 to 20 box.
  • Then click the Run button.
  • Notepad will open with the output log. It will take a couple of minutes to generate the log, please be patient.

Please post the Output log in your next reply.
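
The same selection (Application and System logs, Error and Critical, 15 events per log) can also be made with the built-in Get-WinEvent cmdlet. This is an added PowerShell example, not part of the original post and not a description of how VEW works; the output file name EventErrors.txt is an assumption.

```powershell
# Added example: Application and System logs, Critical and Error only,
# newest 15 events per log, written to a text file and opened in Notepad.
$logs   = 'Application', 'System'
$levels = 1, 2            # Windows event levels: 1 = Critical, 2 = Error
$count  = 15

$events = foreach ($log in $logs) {
    # SilentlyContinue: Get-WinEvent raises an error when a log has no matching events.
    Get-WinEvent -FilterHashtable @{ LogName = $log; Level = $levels } -MaxEvents $count -ErrorAction SilentlyContinue
}

$report = $events | Sort-Object LogName, @{ Expression = 'TimeCreated'; Descending = $true } | ForEach-Object {
    # Keep only the first line of the message so each event fits on one row.
    $text = if ($_.Message) { ($_.Message -split "`r?`n")[0] } else { '(no message text)' }
    '{0:yyyy-MM-dd HH:mm:ss}  {1,-11}  {2,-8}  ID {3,-5}  {4}: {5}' -f $_.TimeCreated, $_.LogName, $_.LevelDisplayName, $_.Id, $_.ProviderName, $text
}

# Assumed output name; saved to the current user's Desktop folder.
$out = Join-Path ([Environment]::GetFolderPath('Desktop')) 'EventErrors.txt'
if ($report) { $report | Set-Content -LiteralPath $out } else { 'No Error or Critical events found.' | Set-Content -LiteralPath $out }
notepad $out
```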
 