02-04-2009, 05:56 PM
Hi guys!

I would really appreciate it if someone could help me resolve the following problem (which occurs at the initial Windows login screen). I get the following message:

Buffer Overrun detected!
Program:\??\C:\Windows\System 32\winlogon.exe

A buffer overrun has been detected which has corrupted the program's internal state. The program cannot safely continue execution and must be terminated

I was recommended to do a clean boot, but I cannot seem to get into the system to execute the clean boot. The computer is a Compaq Presario Model:R3000 running Windows XP Home with SP2

Once again, I appreciate any help and advice that will help me rectify this problem.

Brian :-)

Speedy Gonzales
02-04-2009, 06:01 PM
Doesn't sound good, sounds like it's infected with something

Have you scanned it for viruses?

You may have to connect the hdd to a working system and scan it

02-04-2009, 06:05 PM
OK. I'm new to this.

The computer is a laptop. What would be the best way of connecting it to a working system and then scanning it?

Brian :-)

02-04-2009, 06:16 PM
Sounds like it's not completing boot-up, Speedy, so he can't virus check.
Brian, if you have access to another computer, take that drive out and plug it in as a slave (if it has an IDE interface) or just plug it in as a SATA drive into the other computer and scan it for viruses/malware.
(Ah (edit), you may need an adapter to do this with a laptop drive.
Don't think you could run a virus check with the laptop networked to another computer as you'd need the laptop running correctly (in XP or some other OS), to do it).
Alternatively, check your documentation to see if you have a restore partition on the Compaq HDD, and try a repair installation of XP, (or reinstall if it's absolutely necessary, you'll lose your data tho).

Speedy Gonzales
02-04-2009, 06:17 PM
Reboot it, then hold F8, then select safe mode / networking. Will it boot into safe mode??

If it does, get HijackThis below, install and run it. Click on scan the system and save a log. Copy and paste the log here

Ah yer that's why I said to put it in a working system

Speedy Gonzales
02-04-2009, 07:12 PM
You may have Conficker, looks like one or all of its variants can cause buffer overflows.

Was the update (that Conficker hits) installed?

02-04-2009, 07:18 PM
Easiest and cheapest way would be to buy this (http://www.trademe.co.nz/Computers/External-storage/Other/auction-210923162.htm) and connect it to a PC via USB

I have one, so if you get stuck I can post some pictures here.

It seems that message indicated a seriously infected PC

If you can connect it to a working system, or you can boot into safe mode, download:

Malwarebytes Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
[You may have to rename it to something else if the virus is restricting it from running]
ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)

Run MBAM, then copy and paste the log here when done.

After that, reboot and run ComboFix. If you have any trouble during the process, read the tutorial here (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Once all malware is removed, reboot, then disable and reenable system restore to clear any infected system restore points:

1. Right click on the My Computer icon on your desktop and select properties.
2. Click on the system restore tab.
3. Check the box that says "Turn off system restore on all drives". Click OK.
4. Click Yes if you are prompted to restart the computer.
5. To re-enable System Restore, follow steps 1-3, but in step 3, click to clear the Disable System Restore check box.


02-04-2009, 07:28 PM
Thanks guys for all your help!

I'll keep you all posted on how I get on!

Brian :-)

02-04-2009, 08:34 PM
Hi guys!

I tried to go into Safe Mode (I even tried going to "Safe Mode with command prompt")

Everything seemed to be going fine until I got to the "Windows is starting..." splash screen. Then the infamous "Buffer Overrun detected" box popped up.

Any ideas as to where to go from here? I reckon that if somehow I could get to the command prompt I could access the partition with Windows in it and run the "setup.exe" and reinstall Windows. What do you all think?


02-04-2009, 08:43 PM
Have you tried last known configuration?

Your only options here are to connect the hard drive to a working PC and scan, or perform a repair or reinstall with an XP CD.